Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 885c9f3f by security tracker role at 2022-07-23T08:10:12+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,57 @@ +CVE-2022-36415 (A DLL hijacking vulnerability exists in the uninstaller in Scooter Bey ...) + TODO: check +CVE-2022-36414 (There is an elevation of privilege breakout vulnerability in the Windo ...) + TODO: check +CVE-2022-36413 + RESERVED +CVE-2022-36412 + RESERVED +CVE-2022-36411 + RESERVED +CVE-2022-36410 + RESERVED +CVE-2022-36409 + RESERVED +CVE-2022-36408 (PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attacke ...) + TODO: check +CVE-2022-36398 + RESERVED +CVE-2022-36396 + RESERVED +CVE-2022-36395 + RESERVED +CVE-2022-36377 + RESERVED +CVE-2022-36374 + RESERVED +CVE-2022-36287 + RESERVED +CVE-2022-36278 + RESERVED +CVE-2022-34855 + RESERVED +CVE-2022-34153 + RESERVED +CVE-2022-34147 + RESERVED +CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...) + TODO: check +CVE-2022-2522 + RESERVED +CVE-2022-2521 + RESERVED +CVE-2022-2520 + RESERVED +CVE-2022-2519 + RESERVED +CVE-2022-2518 + RESERVED +CVE-2022-2517 + RESERVED +CVE-2022-2516 + RESERVED +CVE-2018-25045 (Django REST framework (aka django-rest-framework) before 3.9.1 allows ...) + TODO: check CVE-2022-36407 RESERVED CVE-2022-36389 @@ -5634,6 +5688,7 @@ CVE-2022-34170 (In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 CVE-2022-2166 RESERVED CVE-2022-34169 (The Apache Xalan Java XSLT library is vulnerable to an integer truncat ...) + {DSA-5188-1} - openjdk-8 <unfixed> - openjdk-11 11.0.16+8-1 - openjdk-17 17.0.4+8-1 
@@ -5850,14 +5905,14 @@ CVE-2022-34117 RESERVED CVE-2022-34116 RESERVED -CVE-2022-34115 - RESERVED -CVE-2022-34114 - RESERVED -CVE-2022-34113 - RESERVED -CVE-2022-34112 - RESERVED +CVE-2022-34115 (Dataease v1.11.1 was discovered to contain a SQL injection vulnerabili ...) + TODO: check +CVE-2022-34114 (Dataease v1.11.1 was discovered to contain a SQL injection vulnerabili ...) + TODO: check +CVE-2022-34113 (An issue in the component /api/plugin/upload of Dataease v1.11.1 allow ...) + TODO: check +CVE-2022-34112 (An access control issue in the component /api/plugin/uninstall Dataeas ...) + TODO: check CVE-2022-34111 RESERVED CVE-2022-34110 
@@ -22710,126 +22765,106 @@ CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab CE/EE - gitlab <unfixed> CVE-2022-1147 RESERVED -CVE-2022-1146 - RESERVED +CVE-2022-1146 (Inappropriate implementation in Resource Timing in Google Chrome prior ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1145 - RESERVED +CVE-2022-1145 (Use after free in Extensions in Google Chrome prior to 100.0.4896.60 a ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1144 - RESERVED +CVE-2022-1144 (Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowe ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1143 - RESERVED +CVE-2022-1143 (Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1142 - RESERVED +CVE-2022-1142 (Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1141 - RESERVED +CVE-2022-1141 (Use after free in File Manager in Google Chrome prior to 100.0.4896.60 ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1140 RESERVED -CVE-2022-1139 - RESERVED +CVE-2022-1139 (Inappropriate implementation in Background Fetch API in Google Chrome ...) 
{DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1138 - RESERVED +CVE-2022-1138 (Inappropriate implementation in Web Cursor in Google Chrome prior to 1 ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1137 - RESERVED +CVE-2022-1137 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1136 - RESERVED +CVE-2022-1136 (Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 al ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1135 - RESERVED +CVE-2022-1135 (Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.6 ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1134 - RESERVED +CVE-2022-1134 (Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1133 - RESERVED +CVE-2022-1133 (Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1132 - RESERVED +CVE-2022-1132 (Inappropriate implementation in Virtual Keyboard in Google Chrome on C ...) 
{DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1131 - RESERVED +CVE-2022-1131 (Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allo ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1130 - RESERVED +CVE-2022-1130 (Insufficient validation of trust input in WebOTP in Google Chrome on A ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1129 - RESERVED +CVE-2022-1129 (Inappropriate implementation in Full Screen Mode in Google Chrome on A ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1128 - RESERVED +CVE-2022-1128 (Inappropriate implementation in Web Share API in Google Chrome on Wind ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1127 - RESERVED +CVE-2022-1127 (Use after free in QR Code Generator in Google Chrome prior to 100.0.48 ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1126 RESERVED -CVE-2022-1125 - RESERVED +CVE-2022-1125 (Use after free in Portals in Google Chrome prior to 100.0.4896.60 allo ...) {DSA-5112-1} - chromium 100.0.4896.60-1 [buster] - chromium <end-of-life> (see DSA 5046) 
@@ -23493,8 +23528,7 @@ CVE-2022-1097 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-1097 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-1097 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1097 -CVE-2022-1096 - RESERVED +CVE-2022-1096 (Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a ...) {DSA-5110-1} - chromium 99.0.4844.84-1 [buster] - chromium <end-of-life> (see DSA 5046) @@ -28967,8 +29001,8 @@ CVE-2022-25761 RESERVED CVE-2022-25760 (All versions of package accesslog are vulnerable to Arbitrary Code Inj ...) NOT-FOR-US: accesslog Nodejs module -CVE-2022-25759 - RESERVED +CVE-2022-25759 (The package convert-svg-core before 0.6.2 are vulnerable to Remote Cod ...) + TODO: check CVE-2022-25758 (All versions of package scss-tokenizer are vulnerable to Regular Expre ...) - node-scss-tokenizer <itp> (bug #885456) CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injection via ...) @@ -49844,10 +49878,12 @@ CVE-2022-21543 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o CVE-2022-21542 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) NOT-FOR-US: Oracle CVE-2022-21541 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5188-1} - openjdk-8 <unfixed> - openjdk-11 11.0.16+8-1 - openjdk-17 17.0.4+8-1 CVE-2022-21540 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5188-1} - openjdk-8 <unfixed> - openjdk-11 11.0.16+8-1 - openjdk-17 17.0.4+8-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/885c9f3ff9f1822d2bd9fda307202ebe9060cdea
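Review bot: In the first hunk of data/CVE/list (@@ -1,3 +1,57 @@), the five entries added with `TODO: check` (CVE-2022-36415, CVE-2022-36414, CVE-2022-36408, CVE-2022-31137 and CVE-2018-25045) carry no package line and no NOT-FOR-US line yet, so they need manual triage. Each should end up with a resolution in the form other entries in this file already use, such as `NOT-FOR-US: Oracle` or a `- <package> <version>` line. CVE-2018-25045 deserves attention first: its description gives a fixed upstream version ("before 3.9.1"), so if the framework is packaged in Debian the entry needs a package line with the corresponding fixed version rather than a NOT-FOR-US marker.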
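Review bot: In the hunk at @@ -5850,14 +5905,14 @@, CVE-2022-34115 through CVE-2022-34112 all change from RESERVED to `TODO: check` and all name the same product, Dataease v1.11.1, so they should be triaged together and given the same resolution. Two of the descriptions point at specific components (`/api/plugin/upload` and `/api/plugin/uninstall`); whoever resolves them should make sure the four entries do not end up with inconsistent markers.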
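Review bot: In the Chrome hunk at @@ -22710,126 +22765,106 @@, the newly published descriptions for CVE-2022-1132, CVE-2022-1130, CVE-2022-1129 and CVE-2022-1128 each read "in Google Chrome on ..." with a platform qualifier that is truncated in this view, yet the entries keep the same `- chromium 100.0.4896.60-1` fixed-version line as the platform-independent issues around them. It is worth reading the full descriptions and, where an issue is limited to a platform Debian's chromium does not target, recording that on the package line with a `<not-affected>` marker and a reason. CVE-2022-1140 and CVE-2022-1126 stay RESERVED inside the same range, which is expected for an automatic update but should be rechecked on the next run.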
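Review bot: In the hunk at @@ -49844,10 +49878,12 @@ (and likewise for CVE-2022-34169 at @@ -5634,6 +5688,7 @@), `{DSA-5188-1}` is added above three package lines of which `- openjdk-8 <unfixed>` is still open, so the DSA reference alone does not tell a reader which source package the advisory actually fixed. Confirm that the advisory's package matches one of the lines that already has a fixed version (`openjdk-11 11.0.16+8-1` or `openjdk-17 17.0.4+8-1`) and that openjdk-8 is intentionally left `<unfixed>`; a NOTE line stating the reason would prevent the entry from being read as fully resolved.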