Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72997cd9 by security tracker role at 2022-07-06T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2022-35271
+       RESERVED
+CVE-2022-35270
+       RESERVED
+CVE-2022-35269
+       RESERVED
+CVE-2022-35268
+       RESERVED
+CVE-2022-35267
+       RESERVED
+CVE-2022-35266
+       RESERVED
+CVE-2022-35265
+       RESERVED
+CVE-2022-35264
+       RESERVED
+CVE-2022-35263
+       RESERVED
+CVE-2022-35262
+       RESERVED
+CVE-2022-35261
+       RESERVED
+CVE-2022-35260
+       RESERVED
+CVE-2022-35259
+       RESERVED
+CVE-2022-35258
+       RESERVED
+CVE-2022-35257
+       RESERVED
+CVE-2022-35256
+       RESERVED
+CVE-2022-35255
+       RESERVED
+CVE-2022-35254
+       RESERVED
+CVE-2022-35253
+       RESERVED
+CVE-2022-35252
+       RESERVED
+CVE-2022-35251
+       RESERVED
+CVE-2022-35250
+       RESERVED
+CVE-2022-35249
+       RESERVED
+CVE-2022-35248
+       RESERVED
+CVE-2022-35247
+       RESERVED
+CVE-2022-35246
+       RESERVED
+CVE-2022-34866
+       RESERVED
+CVE-2022-32765
+       RESERVED
+CVE-2022-2331
+       RESERVED
+CVE-2022-2330
+       RESERVED
+CVE-2022-2329
+       RESERVED
+CVE-2022-2328
+       RESERVED
+CVE-2022-2327
+       RESERVED
+CVE-2022-2326
+       RESERVED
 CVE-2022-35234
        RESERVED
 CVE-2022-35233
@@ -16,12 +84,12 @@ CVE-2022-2323
        RESERVED
 CVE-2022-2322
        RESERVED
-CVE-2022-2321 (Login Bruteforce attacks ...)
+CVE-2022-2321 (Improper Restriction of Excessive Authentication Attempts in 
GitHub re ...)
        NOT-FOR-US: Nakama
-CVE-2022-35230
-       RESERVED
-CVE-2022-35229
-       RESERVED
+CVE-2022-35230 (An authenticated user can create a link with reflected 
Javascript code ...)
+       TODO: check
+CVE-2022-35229 (An authenticated user can create a link with reflected 
Javascript code ...)
+       TODO: check
 CVE-2022-35228
        RESERVED
 CVE-2022-35227
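Review bot: the two new CVE-2022-35230 and CVE-2022-35229 entries cannot be triaged from this hunk alone, since the visible part of the description ("An authenticated user can create a link with reflected Javascript code ...") names no product; the TODO: check marker is right, but whoever picks it up needs the full CVE record to assign either a package line or NOT-FOR-US. The CVE-2022-2321 change only swaps the free-form title for a CWE-style one and keeps NOT-FOR-US: Nakama, which is fine.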
@@ -1676,14 +1744,14 @@ CVE-2022-34600
        RESERVED
 CVE-2022-34599
        RESERVED
-CVE-2022-34598
-       RESERVED
-CVE-2022-34597
-       RESERVED
-CVE-2022-34596
-       RESERVED
-CVE-2022-34595
-       RESERVED
+CVE-2022-34598 (The udpserver in H3C Magic R100 V200R004 and V100R005 has the 
9034 por ...)
+       TODO: check
+CVE-2022-34597 (Tenda AX1806 v1.0.0.1 was discovered to contain a command 
injection vu ...)
+       TODO: check
+CVE-2022-34596 (Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command 
injecti ...)
+       TODO: check
+CVE-2022-34595 (Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command 
injecti ...)
+       TODO: check
 CVE-2022-34594
        RESERVED
 CVE-2022-34593
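Review bot: three of the four TODO: check entries here (CVE-2022-34597, CVE-2022-34596, CVE-2022-34595) describe command injection in Tenda AX1806/AX1803 router firmware, and this file already resolves Tenda firmware CVEs as NOT-FOR-US: Tenda (see the unchanged CVE-2022-32384 entry elsewhere in this commit), so they can be closed the same way; CVE-2022-34598 (the udpserver in the H3C Magic R100) is vendor router firmware as well. The import leaves them at TODO only because it cannot map vendor names to packages.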
@@ -3322,8 +3390,8 @@ CVE-2022-33981 (drivers/block/floppy.c in the Linux 
kernel before 5.17.6 is vuln
        [bullseye] - linux 5.10.113-1
        NOTE: https://www.openwall.com/lists/oss-security/2022/04/28/1
        NOTE: 
https://git.kernel.org/linus/233087ca063686964a53c829d547c7571e3f67bf (5.18-rc5)
-CVE-2022-33980
-       RESERVED
+CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, 
allowing ...)
+       TODO: check
 CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 
...)
        - vim <unfixed>
        [stretch] - vim <postponed> (Minor issue)
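Review bot: CVE-2022-33980 should not sit at TODO: check for long: the description names Apache Commons Configuration's variable interpolation, a Java library rather than one of the vendor appliances that dominate this update, so it may well be in the archive (commons-configuration2 would be the Debian source name if it is; that is my assumption, verify against the archive). If it is packaged, the entry needs a package line with a fixed or <unfixed> version instead of NOT-FOR-US.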
@@ -4073,10 +4141,10 @@ CVE-2022-33740 (Linux disk/nic frontends data leaks 
T[his CNA information record
        NOTE: https://xenbits.xen.org/xsa/advisory-403.html
 CVE-2022-33739 (CA Clarity 15.8 and below and 15.9.0 contain an insecure XML 
parsing v ...)
        NOT-FOR-US: CA Clarity
-CVE-2022-33738
-       RESERVED
-CVE-2022-33737
-       RESERVED
+CVE-2022-33738 (OpenVPN Access Server before 2.11 uses a weak random generator 
used to ...)
+       TODO: check
+CVE-2022-33737 (The OpenVPN Access Server installer creates a log file 
readable for ev ...)
+       TODO: check
 CVE-2022-33736
        RESERVED
 CVE-2022-33202 (Authentication bypass vulnerability in the setup screen of 
L2Blocker(o ...)
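Review bot: both OpenVPN entries (CVE-2022-33738, CVE-2022-33737) describe OpenVPN Access Server, the vendor's commercial server product, not the open-source openvpn package, so the expected resolution is NOT-FOR-US: OpenVPN Access Server rather than a package line; it is worth confirming from the full descriptions that the weak random generator (33738) and the world-readable installer log (33737) are confined to Access Server before closing the TODO: check markers.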
@@ -6763,8 +6831,7 @@ CVE-2022-32535 (The Bosch Ethernet switch PRA-ES8P2S with 
software version 1.01.
        NOT-FOR-US: Bosch
 CVE-2022-32534 (The Bosch Ethernet switch PRA-ES8P2S with software version 
1.01.05 and ...)
        NOT-FOR-US: Bosch
-CVE-2022-32533
-       RESERVED
+CVE-2022-32533 (** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not 
sufficientl ...)
        NOT-FOR-US: Apache Portals Jetspeed
 CVE-2022-32532 (Apache Shiro before 1.9.1, A RegexRequestMatcher can be 
misconfigured  ...)
        - shiro <unfixed>
@@ -7160,14 +7227,14 @@ CVE-2022-32388
        RESERVED
 CVE-2022-32387
        RESERVED
-CVE-2022-32386
-       RESERVED
-CVE-2022-32385
-       RESERVED
+CVE-2022-32386 (Tenda AC23 v16.03.07.44 was discovered to contain a buffer 
overflow vi ...)
+       TODO: check
+CVE-2022-32385 (Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that 
will allo ...)
+       TODO: check
 CVE-2022-32384 (Tenda AC23 v16.03.07.44 was discovered to contain a stack 
overflow via ...)
        NOT-FOR-US: Tenda
-CVE-2022-32383
-       RESERVED
+CVE-2022-32383 (Tenda AC23 v16.03.07.44 was discovered to contain a stack 
overflow via ...)
+       TODO: check
 CVE-2022-32382
        RESERVED
 CVE-2022-32381 (itsourcecode Advanced School Management System v1.0 is 
vulnerable to S ...)
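Review bot: CVE-2022-32386, CVE-2022-32385 and CVE-2022-32383 are left at TODO: check while the unchanged CVE-2022-32384 entry sandwiched between them already carries NOT-FOR-US: Tenda for the same Tenda AC23 v16.03.07.44 firmware; the three new entries can be resolved identically in the follow-up triage.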
@@ -7350,8 +7417,8 @@ CVE-2022-32292
        RESERVED
 CVE-2022-32291 (In Real Player through 20.1.0.312, attackers can execute 
arbitrary cod ...)
        NOT-FOR-US: Real Player
-CVE-2022-32290
-       RESERVED
+CVE-2022-32290 (The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has 
Incorre ...)
+       TODO: check
 CVE-2017-20040 (A vulnerability was found in SICUNET Access Controller 
0.32-05z. It ha ...)
        NOT-FOR-US: SICUNET Access Controller
 CVE-2017-20039 (A vulnerability was found in SICUNET Access Controller 
0.32-05z. It ha ...)
@@ -10707,22 +10774,22 @@ CVE-2022-31133
        RESERVED
 CVE-2022-31132
        RESERVED
-CVE-2022-31131
-       RESERVED
+CVE-2022-31131 (Nextcloud mail is a Mail app for the Nextcloud home server 
product. Ve ...)
+       TODO: check
 CVE-2022-31130
        RESERVED
-CVE-2022-31129
-       RESERVED
+CVE-2022-31129 (moment is a JavaScript date library for parsing, validating, 
manipulat ...)
+       TODO: check
 CVE-2022-31128
        RESERVED
-CVE-2022-31127
-       RESERVED
-CVE-2022-31126
-       RESERVED
-CVE-2022-31125
-       RESERVED
-CVE-2022-31124
-       RESERVED
+CVE-2022-31127 (NextAuth.js is a complete open source authentication solution 
for Next ...)
+       TODO: check
+CVE-2022-31126 (Roxy-wi is an open source web interface for managing Haproxy, 
Nginx, A ...)
+       TODO: check
+CVE-2022-31125 (Roxy-wi is an open source web interface for managing Haproxy, 
Nginx, A ...)
+       TODO: check
+CVE-2022-31124 (openssh_key_parser is an open source Python package providing 
utilitie ...)
+       TODO: check
 CVE-2022-31123
        RESERVED
 CVE-2022-31122
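Review bot: the TODO: check on CVE-2022-31129 deserves priority over the other four in this hunk: moment is a widely used JavaScript date library that is very likely packaged (node-moment would be the Debian source name; I am assuming that, verify in the archive), whereas Nextcloud mail, NextAuth.js, Roxy-wi and openssh_key_parser read like unpackaged upstream projects. The truncated description hides the affected version range, so the full record is needed before writing the package line.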
@@ -10755,8 +10822,8 @@ CVE-2022-31113 (Canarytokens is an open source tool 
which helps track activity a
        NOT-FOR-US: thinkst/canarytokens
 CVE-2022-31112 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Node parse-server
-CVE-2022-31111
-       RESERVED
+CVE-2022-31111 (Frontier is Substrate's Ethereum compatibility layer. In 
affected vers ...)
+       TODO: check
 CVE-2022-31110 (RSSHub is an open source, extensible RSS feed generator. In 
commits pr ...)
        NOT-FOR-US: RSSHub
 CVE-2022-31109
@@ -11533,8 +11600,8 @@ CVE-2022-30931 (Employee Leaves Management System 
(ELMS) V 2.1 is vulnerable to
        NOT-FOR-US: Employee Leaves Management System (ELMS)
 CVE-2022-30930 (Tourism Management System Version: V 3.2 is affected by: Cross 
Site Re ...)
        NOT-FOR-US: Tourism Management System Version
-CVE-2022-30929
-       RESERVED
+CVE-2022-30929 (Mini-Tmall v1.0 is vulnerable to Insecure Permissions via 
tomcat-embed ...)
+       TODO: check
 CVE-2022-30928
        RESERVED
 CVE-2022-30927 (A SQL injection vulnerability exists in Simple Task Scheduling 
System  ...)
@@ -12177,8 +12244,8 @@ CVE-2022-30621
        RESERVED
 CVE-2022-30620
        RESERVED
-CVE-2022-30619
-       RESERVED
+CVE-2022-30619 (Editable SQL Queries behind Base64 encoding sending from the 
Client-Si ...)
+       TODO: check
 CVE-2022-30618 (An authenticated user with access to the Strapi admin panel 
can view p ...)
        NOT-FOR-US: Strapi
 CVE-2022-30617 (An authenticated user with access to the Strapi admin panel 
can view p ...)
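Review bot: CVE-2022-30619's visible description ("Editable SQL Queries behind Base64 encoding sending from the Client-Si ...") identifies neither a product nor a version, so the TODO cannot be resolved from this line; the neighbouring Strapi entries suggest it may belong to the same batch, but that has to be confirmed from the full CVE record rather than inferred from its position in the list.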
@@ -12309,8 +12376,8 @@ CVE-2022-30593
        RESERVED
 CVE-2022-30592 (liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) 
before 3.1. ...)
        NOT-FOR-US: LiteSpeed QUIC (aka LSQUIC)
-CVE-2022-30591
-       RESERVED
+CVE-2022-30591 (** DISPUTED ** quic-go through 0.27.0 allows remote attackers 
to cause ...)
+       TODO: check
 CVE-2022-30590
        RESERVED
 CVE-2022-30589
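Review bot: CVE-2022-30591 is marked ** DISPUTED ** by the assigner; if quic-go turns out to be packaged (golang-github-lucas-clemente-quic-go would be the likely source name, an assumption to verify), the dispute should be recorded in the entry with a NOTE line, as this file does for references, rather than be used as the reason to close the TODO: check as NOT-FOR-US.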
@@ -14508,7 +14575,7 @@ CVE-2022-29860
        RESERVED
 CVE-2022-29859 (component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka 
SDK for  ...)
        NOT-FOR-US: SDK for Ameba1
-CVE-2022-29858 (Silverstripe silverstripe/assets through 1.10 allows XSS. ...)
+CVE-2022-29858 (Silverstripe silverstripe/assets through 1.10 is vulnerable to 
imprope ...)
        NOT-FOR-US: Silverstripe CMS
 CVE-2022-29857
        RESERVED
@@ -17295,8 +17362,8 @@ CVE-2022-28937 (FISCO-BCOS release-3.0.0-rc2 was 
discovered to contain an issue
        NOT-FOR-US: FISCO-BCOS
 CVE-2022-28936 (FISCO-BCOS release-3.0.0-rc2 was discovered to contain an 
issue where  ...)
        NOT-FOR-US: FISCO-BCOS
-CVE-2022-28935
-       RESERVED
+CVE-2022-28935 (Totolink A830R V5.9c.4729_B20191112, Totolink A3100R 
V4.1.2cu.5050_B20 ...)
+       TODO: check
 CVE-2022-28934
        RESERVED
 CVE-2022-28933
@@ -24480,8 +24547,8 @@ CVE-2022-26414 (A potential buffer overflow 
vulnerability was identified in some
        NOT-FOR-US: Zyxel
 CVE-2022-26413 (A command injection vulnerability in the CGI program of Zyxel 
VMG3312- ...)
        NOT-FOR-US: Zyxel
-CVE-2022-26348
-       RESERVED
+CVE-2022-26348 (Command Centre Server is vulnerable to SQL Injection via 
Windows Regis ...)
+       TODO: check
 CVE-2022-26347
        RESERVED
 CVE-2022-26339
@@ -24490,8 +24557,8 @@ CVE-2022-26123
        RESERVED
 CVE-2022-26087
        RESERVED
-CVE-2022-26078
-       RESERVED
+CVE-2022-26078 (Gallagher Controller 6000 is vulnerable to a Denial of Service 
attack  ...)
+       TODO: check
 CVE-2022-26058
        RESERVED
 CVE-2022-26055
@@ -28239,20 +28306,20 @@ CVE-2022-0588 (Exposure of Sensitive Information to 
an Unauthorized Actor in Pac
        NOT-FOR-US: LibreNMS
 CVE-2022-0587 (Improper Authorization in Packagist librenms/librenms prior to 
22.2.0. ...)
        NOT-FOR-US: LibreNMS
-CVE-2021-46687
-       RESERVED
+CVE-2021-46687 (JFrog Artifactory prior to version 7.31.10 and 6.23.38 is 
vulnerable t ...)
+       TODO: check
 CVE-2021-46270 (JFrog Artifactory before 7.31.10, is vulnerable to Broken 
Access Contr ...)
        NOT-FOR-US: JFrog Artifactory
 CVE-2021-45730 (JFrog Artifactory prior to 7.31.10, is vulnerable to Broken 
Access Con ...)
        NOT-FOR-US: JFrog Artifactory
-CVE-2021-45721
-       RESERVED
+CVE-2021-45721 (JFrog Artifactory prior to version 7.29.8 and 6.23.38 is 
vulnerable to ...)
+       TODO: check
 CVE-2021-45074 (JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to 
Broken A ...)
        NOT-FOR-US: JFrog Artifactory
 CVE-2021-41834 (JFrog Artifactory prior to version 7.28.0 and 6.23.38, is 
vulnerable t ...)
        NOT-FOR-US: JFrog Artifactory
-CVE-2021-23163
-       RESERVED
+CVE-2021-23163 (JFrog Artifactory prior to version 7.33.6 and 6.23.38, is 
vulnerable t ...)
+       TODO: check
 CVE-2022-25146 (The Remote App module in Liferay Portal through v7.4.3.8 and 
Liferay D ...)
        NOT-FOR-US: Liferay
 CVE-2022-25145
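Review bot: CVE-2021-46687, CVE-2021-45721 and CVE-2021-23163 are new JFrog Artifactory entries interleaved with four unchanged JFrog Artifactory entries that are all NOT-FOR-US: JFrog Artifactory; resolving the three TODO: check markers the same way is straightforward and keeps the block consistent.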
@@ -31348,14 +31415,14 @@ CVE-2022-24143 (Tenda AX3 v16.03.12.10_CN and AX12 
22.03.01.2_CN was discovered
        NOT-FOR-US: Tenda routers
 CVE-2022-24142 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack 
overflow i ...)
        NOT-FOR-US: Tenda routers
-CVE-2022-24141
-       RESERVED
-CVE-2022-24140
-       RESERVED
-CVE-2022-24139
-       RESERVED
-CVE-2022-24138
-       RESERVED
+CVE-2022-24141 (The iTopVPNmini.exe component of iTop VPN 3.2 will try to 
connect to d ...)
+       TODO: check
+CVE-2022-24140 (IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop 
VPN 3.2, ...)
+       TODO: check
+CVE-2022-24139 (In IOBit Advanced System Care (AscService.exe) 15, an attacker 
with SE ...)
+       TODO: check
+CVE-2022-24138 (IOBit Advanced System Care (Asc.exe) 15 and Action Download 
Center bot ...)
+       TODO: check
 CVE-2022-24137
        RESERVED
 CVE-2022-24136 (Hospital Management System v1.0 is affected by an unrestricted 
upload  ...)
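Review bot: all four new entries (CVE-2022-24141 through CVE-2022-24138) describe Windows-only products, which is visible from the binary names in the descriptions (iTopVPNmini.exe, AscService.exe, Asc.exe); they can be closed as NOT-FOR-US for iTop VPN and IOBit Advanced System Care, since nothing here can correspond to a Debian package.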
@@ -33324,10 +33391,10 @@ CVE-2022-23716
        RESERVED
 CVE-2022-23715
        RESERVED
-CVE-2022-23714
-       RESERVED
-CVE-2022-23713
-       RESERVED
+CVE-2022-23714 (A local privilege escalation (LPE) issue was discovered in the 
ransomw ...)
+       TODO: check
+CVE-2022-23713 (A cross-site-scripting (XSS) vulnerability was discovered in 
the Vega  ...)
+       TODO: check
 CVE-2022-23712 (A Denial of Service flaw was discovered in Elasticsearch. 
Using this v ...)
        - elasticsearch <removed>
 CVE-2022-23711 (A vulnerability in Kibana could expose sensitive information 
related t ...)
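Review bot: CVE-2022-23714 and CVE-2022-23713 sit directly above the Elasticsearch and Kibana entries and read like the same Elastic advisory batch: 23713 names Vega, the visualization grammar Kibana embeds, and 23714 describes a local privilege escalation in a ransomware-protection component. Given elasticsearch is <removed> here, the probable resolutions are <removed> or NOT-FOR-US, but the full descriptions should confirm the products before the TODO: check markers are closed.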
@@ -35233,10 +35300,10 @@ CVE-2022-23175
        RESERVED
 CVE-2022-23174
        RESERVED
-CVE-2022-23173
-       RESERVED
-CVE-2022-23172
-       RESERVED
+CVE-2022-23173 (this vulnerability affect user that even not allowed to access 
via the ...)
+       TODO: check
+CVE-2022-23172 (An attacker can access to "Forgot my password" button, as soon 
as he p ...)
+       TODO: check
 CVE-2022-23171 (AtlasVPN - Privilege Escalation Lack of proper security 
controls on na ...)
        NOT-FOR-US: AtlasVPN
 CVE-2022-23170 (SysAid - Okta SSO integration - was found vulnerable to XML 
External E ...)
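Review bot: neither new description is usable for triage: CVE-2022-23173 ("this vulnerability affect user that even not allowed to access via the ...") and CVE-2022-23172 ("An attacker can access to "Forgot my password" button ...") name no product in the visible text, and the grammar suggests a vendor-submitted record; the TODO: check markers are right, but the reviewer needs the full CVE text, not this list, to decide.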
@@ -37136,8 +37203,8 @@ CVE-2022-22683
        RESERVED
 CVE-2022-22682
        RESERVED
-CVE-2022-22681
-       RESERVED
+CVE-2022-22681 (Session fixation vulnerability in access control management in 
Synolog ...)
+       TODO: check
 CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor 
vulnerabili ...)
        NOT-FOR-US: Synology
 CVE-2022-22679 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
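Review bot: CVE-2022-22681 is a session fixation issue in Synology access control management, and the two unchanged entries right below it are both NOT-FOR-US: Synology; the TODO: check can be resolved the same way.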
@@ -37226,7 +37293,7 @@ CVE-2022-22664 (An out-of-bounds read was addressed 
with improved bounds checkin
 CVE-2022-22663 (This issue was addressed with improved checks to prevent 
unauthorized  ...)
        NOT-FOR-US: Apple
 CVE-2022-22662 (A cookie management issue was addressed with improved state 
management ...)
-       RESERVED
+       {DSA-5116-1 DSA-5115-1}
        - webkit2gtk 2.36.0-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.36.0-2
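Review bot: good cleanup on CVE-2022-22662: the entry already had fixed versions (webkit2gtk 2.36.0-1, wpewebkit 2.36.0-2) under a stale RESERVED line, which this file does not expect once package lines exist, and replacing it with {DSA-5116-1 DSA-5115-1} gives the two listed packages their advisory references. The [stretch] <ignored> line remains valid since its rationale (no webkit security support in stretch) is unaffected.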
@@ -44833,56 +44900,56 @@ CVE-2022-21789
        RESERVED
 CVE-2022-21788
        RESERVED
-CVE-2022-21787
-       RESERVED
-CVE-2022-21786
-       RESERVED
-CVE-2022-21785
-       RESERVED
-CVE-2022-21784
-       RESERVED
-CVE-2022-21783
-       RESERVED
-CVE-2022-21782
-       RESERVED
-CVE-2022-21781
-       RESERVED
-CVE-2022-21780
-       RESERVED
-CVE-2022-21779
-       RESERVED
+CVE-2022-21787 (In audio DSP, there is a possible out of bounds write due to a 
missing ...)
+       TODO: check
+CVE-2022-21786 (In audio DSP, there is a possible memory corruption due to 
improper ca ...)
+       TODO: check
+CVE-2022-21785 (In WLAN driver, there is a possible out of bounds write due to 
a missi ...)
+       TODO: check
+CVE-2022-21784 (In WLAN driver, there is a possible out of bounds write due to 
a missi ...)
+       TODO: check
+CVE-2022-21783 (In WLAN driver, there is a possible out of bounds write due to 
a missi ...)
+       TODO: check
+CVE-2022-21782 (In WLAN driver, there is a possible out of bounds write due to 
a missi ...)
+       TODO: check
+CVE-2022-21781 (In WLAN driver, there is a possible out of bounds write due to 
a missi ...)
+       TODO: check
+CVE-2022-21780 (In WLAN driver, there is a possible out of bounds write due to 
a missi ...)
+       TODO: check
+CVE-2022-21779 (In WLAN driver, there is a possible out of bounds write due to 
a missi ...)
+       TODO: check
 CVE-2022-21778
        RESERVED
-CVE-2022-21777
-       RESERVED
-CVE-2022-21776
-       RESERVED
-CVE-2022-21775
-       RESERVED
-CVE-2022-21774
-       RESERVED
-CVE-2022-21773
-       RESERVED
-CVE-2022-21772
-       RESERVED
-CVE-2022-21771
-       RESERVED
-CVE-2022-21770
-       RESERVED
-CVE-2022-21769
-       RESERVED
-CVE-2022-21768
-       RESERVED
-CVE-2022-21767
-       RESERVED
-CVE-2022-21766
-       RESERVED
-CVE-2022-21765
-       RESERVED
-CVE-2022-21764
-       RESERVED
-CVE-2022-21763
-       RESERVED
+CVE-2022-21777 (In Autoboot, there is a possible permission bypass due to a 
missing pe ...)
+       TODO: check
+CVE-2022-21776 (In MDP, there is a possible use after free due to a race 
condition. Th ...)
+       TODO: check
+CVE-2022-21775 (In sched driver, there is a possible use after free due to 
improper lo ...)
+       TODO: check
+CVE-2022-21774 (In TEEI driver, there is a possible use after free due to a 
race condi ...)
+       TODO: check
+CVE-2022-21773 (In TEEI driver, there is a possible use after free due to a 
race condi ...)
+       TODO: check
+CVE-2022-21772 (In TEEI driver, there is a possible type confusion due to a 
race condi ...)
+       TODO: check
+CVE-2022-21771 (In GED driver, there is a possible use after free due to a 
race condit ...)
+       TODO: check
+CVE-2022-21770 (In sound driver, there is a possible information disclosure 
due to sym ...)
+       TODO: check
+CVE-2022-21769 (In CCCI, there is a possible out of bounds read due to a 
missing bound ...)
+       TODO: check
+CVE-2022-21768 (In Bluetooth, there is a possible out of bounds write due to a 
missing ...)
+       TODO: check
+CVE-2022-21767 (In Bluetooth, there is a possible out of bounds write due to a 
missing ...)
+       TODO: check
+CVE-2022-21766 (In CCCI, there is a possible out of bounds write due to a 
missing boun ...)
+       TODO: check
+CVE-2022-21765 (In CCCI, there is a possible out of bounds write due to a 
missing boun ...)
+       TODO: check
+CVE-2022-21764 (In telecom service, there is a possible information disclosure 
due to  ...)
+       TODO: check
+CVE-2022-21763 (In telecom service, there is a possible information disclosure 
due to  ...)
+       TODO: check
 CVE-2022-21762 (In apusys driver, there is a possible system crash due to an 
integer o ...)
        NOT-FOR-US: MediaTek driver for Android
 CVE-2022-21761 (In apusys driver, there is a possible system crash due to an 
integer o ...)
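Review bot: this block of 24 new entries (CVE-2022-21787 through CVE-2022-21779 and CVE-2022-21777 through CVE-2022-21763) follows the MediaTek bulletin phrasing ("In WLAN driver, ...", "In TEEI driver, ...", "In CCCI, ...") and directly precedes CVE-2022-21762/21761, which are already NOT-FOR-US: MediaTek driver for Android; the TODO: check markers can be resolved in bulk with that tag. For anyone triaging, the out-of-bounds-write and use-after-free descriptions refer to vendor drivers and firmware, so a linux package line should only be added if the full record ties a bug to mainline code.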
@@ -44919,8 +44986,8 @@ CVE-2022-21746 (In imgsensor, there is a possible out 
of bounds read due to a mi
        NOT-FOR-US: MediaTek driver for Android
 CVE-2022-21745 (In WIFI Firmware, there is a possible memory corruption due to 
a use a ...)
        NOT-FOR-US: MediaTek driver for Android
-CVE-2022-21744
-       RESERVED
+CVE-2022-21744 (In Modem 2G RR, there is a possible out of bounds write due to 
a missi ...)
+       TODO: check
 CVE-2022-21743 (In ion, there is a possible use after free due to an integer 
overflow. ...)
        NOT-FOR-US: MediaTek driver for Android
 CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on 
Windows ha ...)
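Review bot: CVE-2022-21744 ("In Modem 2G RR, ...") is MediaTek modem firmware, and both neighbouring entries (CVE-2022-21745, CVE-2022-21743) are NOT-FOR-US: MediaTek driver for Android; the TODO: check should be resolved identically.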
@@ -47547,6 +47614,7 @@ CVE-2022-21157 (Improper access control in the Intel(R) 
Smart Campus Android app
 CVE-2022-21153 (Improper access control in the Intel(R) Capital Global Summit 
Android  ...)
        NOT-FOR-US: Intel
 CVE-2022-21151 (Processor optimization removal or modification of 
security-critical co ...)
+       {DSA-5178-1}
        - intel-microcode 3.20220510.1 (bug #1010947)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510
@@ -47958,7 +48026,7 @@ CVE-2022-21180 (Improper input validation for some 
Intel(R) Processors may allow
        NOT-FOR-US: Intel
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html
 CVE-2022-21166 (Incomplete cleanup in specific special register write 
operations for s ...)
-       {DSA-5173-1 DLA-3065-1}
+       {DSA-5178-1 DSA-5173-1 DLA-3065-1}
        - intel-microcode 3.20220510.1
        - linux 5.18.5-1
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
@@ -47966,12 +48034,13 @@ CVE-2022-21166 (Incomplete cleanup in specific 
special register write operations
        NOTE: Linux kernel documentation patch: 
https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
        NOTE: https://xenbits.xen.org/xsa/advisory-404.html
 CVE-2022-21127 (Incomplete cleanup in specific special register read 
operations for so ...)
+       {DSA-5178-1}
        - intel-microcode 3.20220510.1
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
        NOTE: 
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SRBDS-Update
        NOTE: https://xenbits.xen.org/xsa/advisory-404.html
 CVE-2022-21125 (Incomplete cleanup of microarchitectural fill buffers on some 
Intel(R) ...)
-       {DSA-5173-1 DLA-3065-1}
+       {DSA-5178-1 DSA-5173-1 DLA-3065-1}
        - intel-microcode 3.20220510.1
        - linux 5.18.5-1
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
@@ -47979,7 +48048,7 @@ CVE-2022-21125 (Incomplete cleanup of 
microarchitectural fill buffers on some In
        NOTE: Linux kernel documentation patch: 
https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
        NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-404.html
 CVE-2022-21123 (Incomplete cleanup of multi-core shared buffers for some 
Intel(R) Proc ...)
-       {DSA-5173-1 DLA-3065-1}
+       {DSA-5178-1 DSA-5173-1 DLA-3065-1}
        - intel-microcode 3.20220510.1
        - linux 5.18.5-1
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
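Review bot: the unchanged context line for CVE-2022-21125 reads "NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-404.html", a doubled prefix that the sibling entries (CVE-2022-21166, CVE-2022-21127) do not have; this automatic update cannot touch it, but it is worth a manual follow-up. The {DSA-5178-1 ...} addition itself is consistent across CVE-2022-21151, 21166, 21127, 21125 and 21123 in this commit, matching the intel-microcode 3.20220510.1 line each of them carries.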
@@ -53452,10 +53521,10 @@ CVE-2022-20085 (In netdiag, there is a possible 
symbolic link following due to a
        NOT-FOR-US: MediaTek driver for Android
 CVE-2022-20084 (In telephony, there is a possible way to disable receiving 
emergency b ...)
        NOT-FOR-US: MediaTek driver for Android
-CVE-2022-20083
-       RESERVED
-CVE-2022-20082
-       RESERVED
+CVE-2022-20083 (In Modem 2G/3G CC, there is a possible out of bounds write due 
to a mi ...)
+       TODO: check
+CVE-2022-20082 (In GPU, there is a possible use after free due to a race 
condition. Th ...)
+       TODO: check
 CVE-2022-20081 (In A-GPS, there is a possible man in the middle attack due to 
improper ...)
        NOT-FOR-US: MediaTek driver for Android
 CVE-2022-20080 (In SUB2AF, there is a possible memory corruption due to a race 
conditi ...)
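Review bot: CVE-2022-20083 (Modem 2G/3G CC) and CVE-2022-20082 (GPU) are bracketed by CVE-2022-20084 and CVE-2022-20081, both NOT-FOR-US: MediaTek driver for Android, and use the same MediaTek bulletin phrasing, so the two TODO: check markers can be closed with that tag.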
@@ -63576,24 +63645,21 @@ CVE-2021-3698 (A flaw was found in Cockpit in 
versions prior to 260 in the way i
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1992149
        NOTE: Needs sssd 2.6.1
        NOTE: https://cockpit-project.org/blog/cockpit-260.html
-CVE-2021-3697
-       RESERVED
+CVE-2021-3697 (A crafted JPEG image may lead the JPEG reader to underflow its 
data po ...)
        - grub2 2.06-3
        [bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
        [buster] - grub2 <no-dsa> (Minor issue, fix via point release)
        [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
        [jessie] - grub2 <ignored> (No SecureBoot support in jessie)
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
-CVE-2021-3696
-       RESERVED
+CVE-2021-3696 (A heap out-of-bounds write may heppen during the handling of 
Huffman t ...)
        - grub2 2.06-3
        [bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
        [buster] - grub2 <no-dsa> (Minor issue, fix via point release)
        [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
        [jessie] - grub2 <ignored> (No SecureBoot support in jessie)
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
-CVE-2021-3695
-       RESERVED
+CVE-2021-3695 (A crafted 16-bit grayscale PNG image may lead to a 
out-of-bounds write ...)
        - grub2 2.06-3
        [bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
        [buster] - grub2 <no-dsa> (Minor issue, fix via point release)
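Review bot: the three grub2 entries (CVE-2021-3697, CVE-2021-3696, CVE-2021-3695) gain their descriptions without any change to the package lines, which is the expected shape once the IDs are published; the misspelling "heppen" in CVE-2021-3696 is in the assigner's text and the tracker mirrors it verbatim, so it should not be corrected here. The [stretch]/[jessie] <ignored> rationale ("No SecureBoot support") still fits the newly visible image-decoder descriptions.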
@@ -65126,8 +65192,8 @@ CVE-2021-37841 (Docker Desktop before 3.6.0 suffers 
from incorrect access contro
        NOT-FOR-US: Docker Desktop on Windows
 CVE-2021-37840 (aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking 
(CSWH) in ...)
        NOT-FOR-US: aaPanel
-CVE-2021-37839
-       RESERVED
+CVE-2021-37839 (Apache Superset up to 1.5.1 allowed for authenticated users to 
access  ...)
+       TODO: check
 CVE-2021-3674
        RESERVED
 CVE-2021-3673 (A vulnerability was found in Radare2 in version 5.3.1. Improper 
input  ...)
@@ -80454,14 +80520,14 @@ CVE-2021-31681
        RESERVED
 CVE-2021-31680
        RESERVED
-CVE-2021-31679
-       RESERVED
-CVE-2021-31678
-       RESERVED
-CVE-2021-31677
-       RESERVED
-CVE-2021-31676
-       RESERVED
+CVE-2021-31679 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF 
vulnerabilit ...)
+       TODO: check
+CVE-2021-31678 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF 
vulnerabilit ...)
+       TODO: check
+CVE-2021-31677 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF 
vulnerabilit ...)
+       TODO: check
+CVE-2021-31676 (A reflected XSS was discovered in PESCMS-V2.3.3. When combined 
with CS ...)
+       TODO: check
 CVE-2021-31675
        RESERVED
 CVE-2021-31674 (Cyclos 4 PRO 4.14.7 and before does not validate user input at 
error i ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72997cd9041e276d614feb70f65ca1d0a256abe8



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
