Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13a4ad70 by security tracker role at 2022-07-19T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2022-36305
+       RESERVED
+CVE-2022-36304
+       RESERVED
+CVE-2022-36303
+       RESERVED
+CVE-2022-36302
+       RESERVED
+CVE-2022-36301
+       RESERVED
+CVE-2022-36300
+       RESERVED
+CVE-2022-30706
+       RESERVED
+CVE-2022-2476
+       RESERVED
+CVE-2022-2475
+       RESERVED
+CVE-2022-2474
+       RESERVED
+CVE-2022-2473
+       RESERVED
+CVE-2022-2472
+       RESERVED
+CVE-2022-2471
+       RESERVED
+CVE-2022-2470
+       RESERVED
+CVE-2022-2469 (GNU SASL libgsasl server-side read-out-of-bounds with malicious 
authen ...)
+       TODO: check
+CVE-2022-2468 (A vulnerability was found in SourceCodester Garage Management 
System 1 ...)
+       TODO: check
+CVE-2022-2467 (A vulnerability has been found in SourceCodester Garage 
Management Sys ...)
+       TODO: check
+CVE-2016-15004
+       RESERVED
 CVE-2022-35735
        RESERVED
 CVE-2022-35728
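Review bot: CVE-2022-2469 is left at `TODO: check` although its description names GNU SASL libgsasl and a server-side out-of-bounds read, so it needs triage against a source package in the archive rather than a product tag. Suggest replacing the TODO with a `- <package> <status>` line plus a NOTE carrying the upstream reference, in the shape used for the jpeg-xl entry under CVE-2022-34000. CVE-2022-2467 and CVE-2022-2468 both name SourceCodester Garage Management System and can be triaged together.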
@@ -366,10 +402,10 @@ CVE-2022-36128
        RESERVED
 CVE-2022-36127 (A vulnerability in Apache SkyWalking NodeJS Agent prior to 
0.5.1. The  ...)
        NOT-FOR-US: Apache SkyWalking
-CVE-2022-2454
-       RESERVED
-CVE-2022-2453
-       RESERVED
+CVE-2022-2454 (Integer Overflow or Wraparound in GitHub repository gpac/gpac 
prior to ...)
+       TODO: check
+CVE-2022-2453 (Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV. 
...)
+       TODO: check
 CVE-2022-2452
        RESERVED
 CVE-2022-2451
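Review bot: CVE-2022-2454 and CVE-2022-2453 move from RESERVED to `TODO: check` with descriptions that both name the GitHub repository gpac/gpac, and CVE-2022-2453 gives only "prior to 2.1-DEV" as the fixed point. Suggest triaging the pair in one pass and recording the fixing upstream commits as NOTE lines, so the fixed version can be tied to something more precise than a development tag.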
@@ -824,8 +860,8 @@ CVE-2022-35914
        RESERVED
 CVE-2022-35913
        RESERVED
-CVE-2022-35912
-       RESERVED
+CVE-2022-35912 (In grails-databinding in Grails before 3.3.15, 4.x before 
4.1.1, 5.x b ...)
+       TODO: check
 CVE-2022-35911
        RESERVED
 CVE-2022-35910
@@ -1332,8 +1368,8 @@ CVE-2022-27170
        RESERVED
 CVE-2022-2395
        RESERVED
-CVE-2022-2394
-       RESERVED
+CVE-2022-2394 (Puppet Bolt prior to version 3.24.0 will print sensitive 
parameters wh ...)
+       TODO: check
 CVE-2021-46827 (An issue was discovered in Oxygen XML WebHelp before 22.1 
build 202108 ...)
        NOT-FOR-US: Oxygen XML WebHelp
 CVE-2022-35713
@@ -2062,8 +2098,8 @@ CVE-2022-35407
        RESERVED
 CVE-2022-35406 (A URL disclosure issue was discovered in Burp Suite before 
2022.6. If  ...)
        - burpsuite <itp> (bug #832943)
-CVE-2022-35405
-       RESERVED
+CVE-2022-35405 (Zoho ManageEngine Password Manager Pro before 12101 and PAM360 
before  ...)
+       TODO: check
 CVE-2022-35404 (ManageEngine Password Manager Pro 12100 and prior and 
OPManager 126100 ...)
        NOT-FOR-US: ManageEngine Password Manager Pro
 CVE-2022-35403 (Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk 
Plus MSP  ...)
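Review bot: CVE-2022-35405 is set to `TODO: check` while the next entry, CVE-2022-35404, already carries `NOT-FOR-US: ManageEngine Password Manager Pro` for the same product name. Suggest resolving the TODO with the same tag once the full description is confirmed, so the two entries stay consistent.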
@@ -4789,10 +4825,10 @@ CVE-2022-34364
        RESERVED
 CVE-2022-34363
        RESERVED
-CVE-2022-2193
-       RESERVED
-CVE-2022-2192
-       RESERVED
+CVE-2022-2193 (Insecure Direct Object Reference vulnerability in HYPR Server 
before v ...)
+       TODO: check
+CVE-2022-2192 (Forced Browsing vulnerability in HYPR Server version 6.10 to 
6.15.1 al ...)
+       TODO: check
 CVE-2022-2191 (In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 
11.0.9 v ...)
        TODO: check, claims to affect only 10.x and 11.x series, check for 
jetty9
 CVE-2022-34362
@@ -5266,8 +5302,8 @@ CVE-2022-34170 (In Jenkins 2.320 through 2.355 (both 
inclusive) and LTS 2.332.1
        - jenkins <removed>
 CVE-2022-2166
        RESERVED
-CVE-2022-34169
-       RESERVED
+CVE-2022-34169 (The Apache Xalan Java XSLT library is vulnerable to an integer 
truncat ...)
+       TODO: check
 CVE-2022-34168
        RESERVED
 CVE-2022-34151 (Use of hard-coded credentials vulnerability exists in Machine 
automati ...)
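Review bot: CVE-2022-34169 names the Apache Xalan Java XSLT library and an integer truncation issue, so the `TODO: check` here should not be closed by pattern the way the vendor-product entries around it are. Suggest checking the standalone library package and any source packages that embed a copy of Xalan before setting a status.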
@@ -5660,10 +5696,10 @@ CVE-2022-34026
        RESERVED
 CVE-2022-34025
        RESERVED
-CVE-2022-34024
-       RESERVED
-CVE-2022-34023
-       RESERVED
+CVE-2022-34024 (Barangay Management System v1.0 was discovered to contain an 
arbitrary ...)
+       TODO: check
+CVE-2022-34023 (Barangay Management System v1.0 was discovered to contain a 
SQL inject ...)
+       TODO: check
 CVE-2022-34022
        RESERVED
 CVE-2022-34021
@@ -5706,8 +5742,8 @@ CVE-2022-34003
        RESERVED
 CVE-2022-34002
        RESERVED
-CVE-2022-34001
-       RESERVED
+CVE-2022-34001 (Unit4 ERP through 7.9 allows XXE via 
ExecuteServerProcessAsynchronousl ...)
+       TODO: check
 CVE-2022-34000 (libjxl 0.6.1 has an assertion failure in 
LowMemoryRenderPipeline::Init ...)
        - jpeg-xl <unfixed> (bug #1013265)
        NOTE: https://github.com/libjxl/libjxl/issues/1477
@@ -9478,8 +9514,8 @@ CVE-2022-32456
        RESERVED
 CVE-2022-30707 (Violation of secure design principles exists in the 
communication of C ...)
        NOT-FOR-US: CAMS for HIS
-CVE-2022-30532
-       RESERVED
+CVE-2022-30532 (In affected versions of Octopus Deploy, there is no logging of 
changes ...)
+       TODO: check
 CVE-2022-29890 (In affected versions of Octopus Server the help sidebar can be 
customi ...)
        NOT-FOR-US: Octopus Server
 CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 
...)
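Review bot: CVE-2022-30532 (Octopus Deploy, no logging of changes) sits directly above CVE-2022-29890, which is tagged `NOT-FOR-US: Octopus Server`. Suggest reusing that tag wording when this TODO is resolved rather than introducing a second spelling for the same vendor's product.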
@@ -10124,8 +10160,8 @@ CVE-2022-29512 (Exposure of sensitive information to an 
unauthorized actor issue
        NOT-FOR-US: Cybozu
 CVE-2022-1985 (The Download Manager Plugin for WordPress is vulnerable to 
reflected C ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1984
-       RESERVED
+CVE-2022-1984 (This issue affects: HYPR Windows WFA versions prior to 7.2; 
Unsafe Des ...)
+       TODO: check
 CVE-2022-1983 (Incorrect authorization in GitLab EE affecting all versions 
from 10.7  ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2022-1982 (Uncontrolled resource consumption in Mattermost version 6.6.0 
and earl ...)
@@ -14953,8 +14989,8 @@ CVE-2022-30572
        RESERVED
 CVE-2022-30571
        RESERVED
-CVE-2022-30570
-       RESERVED
+CVE-2022-30570 (The Column Based Security component of TIBCO Software Inc.'s 
TIBCO Dat ...)
+       TODO: check
 CVE-2022-30569
        RESERVED
 CVE-2022-30568
@@ -23883,10 +23919,10 @@ CVE-2022-27582
        RESERVED
 CVE-2022-27581
        RESERVED
-CVE-2022-27580
-       RESERVED
-CVE-2022-27579
-       RESERVED
+CVE-2022-27580 (A deserialization vulnerability in a .NET framework class used 
and not ...)
+       TODO: check
+CVE-2022-27579 (A deserialization vulnerability in a .NET framework class used 
and not ...)
+       TODO: check
 CVE-2022-27578 (An attacker can perform a privilege escalation through the 
SICK OEE if ...)
        NOT-FOR-US: SICK
 CVE-2022-27577 (The vulnerability in the MSC800 in all versions before 4.15 
allows for ...)
@@ -23953,10 +23989,10 @@ CVE-2022-27547
        RESERVED
 CVE-2022-27546
        RESERVED
-CVE-2022-27545
-       RESERVED
-CVE-2022-27544
-       RESERVED
+CVE-2022-27545 (BigFix Web Reports authorized users may perform HTML injection 
for the ...)
+       TODO: check
+CVE-2022-27544 (BigFix Web Reports authorized users may see SMTP credentials 
in clear  ...)
+       TODO: check
 CVE-2022-27543
        RESERVED
 CVE-2022-27542
@@ -24447,8 +24483,8 @@ CVE-2022-27375 (Tenda AX12 V22.03.01.21_CN was 
discovered to contain a Cross-Sit
        NOT-FOR-US: Tenda
 CVE-2022-27374 (Tenda AX12 V22.03.01.21_CN was discovered to contain a 
Cross-Site Requ ...)
        NOT-FOR-US: Tenda
-CVE-2022-27373
-       RESERVED
+CVE-2022-27373 (Shanghai Feixun Data Communication Technology Co., Ltd router 
fir302b  ...)
+       TODO: check
 CVE-2022-27372
        RESERVED
 CVE-2022-27371
@@ -34240,8 +34276,8 @@ CVE-2022-24084
        RESERVED
 CVE-2022-24083
        RESERVED
-CVE-2022-24082
-       RESERVED
+CVE-2022-24082 (If an on-premise installation of the Pega Platform is 
configured with  ...)
+       TODO: check
 CVE-2022-24081
        RESERVED
 CVE-2022-24080
@@ -40591,10 +40627,10 @@ CVE-2022-22419
        RESERVED
 CVE-2022-22418
        RESERVED
-CVE-2022-22417
-       RESERVED
-CVE-2022-22416
-       RESERVED
+CVE-2022-22417 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and 
Cloud/SasS 22. ...)
+       TODO: check
+CVE-2022-22416 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and 
Cloud/SasS 22. ...)
+       TODO: check
 CVE-2022-22415 (A vulnerability exists where an IBM Robotic Process Automation 
21.0.1  ...)
        NOT-FOR-US: IBM
 CVE-2022-22414 (IBM Robotic Process Automation 21.0.2 could allow a local user 
to obta ...)
@@ -40705,12 +40741,12 @@ CVE-2022-22362
        RESERVED
 CVE-2022-22361 (IBM Business Automation Workflow traditional 21.0.1 through 
21.0.3, 20 ...)
        NOT-FOR-US: IBM
-CVE-2022-22360
-       RESERVED
-CVE-2022-22359
-       RESERVED
-CVE-2022-22358
-       RESERVED
+CVE-2022-22360 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and 
Cloud/SasS 22. ...)
+       TODO: check
+CVE-2022-22359 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and 
Cloud/SasS 22. ...)
+       TODO: check
+CVE-2022-22358 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and 
Cloud/SasS 22. ...)
+       TODO: check
 CVE-2022-22357
        RESERVED
 CVE-2022-22356 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to 
enumera ...)
@@ -78045,7 +78081,7 @@ CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 
3.10.0 allows any user (able
        NOTE: https://docs.inspircd.org/security/2021-01/
        NOTE: 
https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d
 CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 
'read_prob ...)
-       {DLA-2742-1}
+       {DSA-5126-1 DLA-2742-1}
        - ffmpeg 7:4.3-2
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532
 (4.3)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/97ee4a451b5b1eb0010664b4a8c048d6c8c06a8a
 (4.1.9)
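Review bot: the `{DSA-5126-1 DLA-2742-1}` change on CVE-2021-3566 is an advisory cross-reference, unrelated to the CVE imports that make up most of this commit, and the commit message says only "automatic update". Suggest that the message name DSA-5126-1, or that advisory cross-references go in their own commit, so the change can be found from the log.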
@@ -80838,8 +80874,8 @@ CVE-2021-32506 (Absolute Path Traversal vulnerability 
in GetImage in QSAN Storag
        NOT-FOR-US: QSAN
 CVE-2021-32505
        REJECTED
-CVE-2021-32504
-       RESERVED
+CVE-2021-32504 (Unauthenticated users can access sensitive web URLs through 
GET reques ...)
+       TODO: check
 CVE-2021-32503 (Unauthenticated users can access sensitive web URLs through 
GET reques ...)
        NOT-FOR-US: SICK FTMg flow sensors
 CVE-2021-32502
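Review bot: the visible description of CVE-2021-32504 is identical to that of CVE-2021-32503 on the following entry, which is tagged `NOT-FOR-US: SICK FTMg flow sensors`. Suggest confirming against the full description that both cover the same product and then applying the same tag instead of leaving `TODO: check`.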
@@ -139175,7 +139211,7 @@ CVE-2020-21699
 CVE-2020-21698
        RESERVED
 CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in 
libavfo ...)
-       {DSA-4998-1}
+       {DSA-5126-1 DSA-4998-1}
        - ffmpeg 7:4.4-5
        [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://trac.ffmpeg.org/ticket/8188
@@ -139198,7 +139234,7 @@ CVE-2020-21690
 CVE-2020-21689
        RESERVED
 CVE-2020-21688 (A heap-use-after-free in the av_freep function in 
libavutil/mem.c of F ...)
-       {DSA-4998-1}
+       {DSA-5126-1 DSA-4998-1}
        - ffmpeg 7:4.4-5
        [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://trac.ffmpeg.org/ticket/8186
@@ -140962,6 +140998,7 @@ CVE-2020-20898 (Integer Overflow vulnerability in 
function filter16_prewitt in l
 CVE-2020-20897
        REJECTED
 CVE-2020-20896 (An issue was discovered in function latm_write_packet in 
libavformat/l ...)
+       {DSA-5126-1}
        - ffmpeg 7:4.3-2
        [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b
 (4.3)
@@ -140974,12 +141011,14 @@ CVE-2020-20894
 CVE-2020-20893
        REJECTED
 CVE-2020-20892 (An issue was discovered in function filter_frame in 
libavfilter/vf_len ...)
+       {DSA-5126-1}
        - ffmpeg 7:4.3-2
        [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01
 (4.3)
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=439645004bb672a29145621549cb87acdb2f84db
 (4.1.9)
        NOTE: https://trac.ffmpeg.org/ticket/8265
 CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in 
libavfilter/ ...)
+       {DSA-5126-1}
        - ffmpeg 7:4.3-2
        [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab
 (4.3)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13a4ad70107a47216da07c96aacf8b5ac5ffd3b6
