[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 29 Jul 2022 13:10:52 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ea8c7130 by security tracker role at 2022-07-29T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-37023
+       RESERVED
+CVE-2022-37022
+       RESERVED
+CVE-2022-37021
+       RESERVED
+CVE-2022-2581
+       RESERVED
+CVE-2022-2580
+       RESERVED
+CVE-2022-2579 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+       TODO: check
+CVE-2022-2578 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2022-2577 (A vulnerability classified as critical was found in 
SourceCodester Gar ...)
+       TODO: check
+CVE-2022-2576 (In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a 
DTLS r ...)
+       TODO: check
+CVE-2022-2575
+       RESERVED
+CVE-2022-2574
+       RESERVED
+CVE-2022-2573
+       RESERVED
+CVE-2020-36562
+       RESERVED
+CVE-2020-36561
+       RESERVED
+CVE-2020-36560
+       RESERVED
+CVE-2020-36559
+       RESERVED
+CVE-2019-25072
+       RESERVED
+CVE-2018-25046
+       RESERVED
+CVE-2017-20146
+       RESERVED
+CVE-2015-10004
+       RESERVED
+CVE-2014-125026
+       RESERVED
+CVE-2013-10005
+       RESERVED
 CVE-2022-37020
        RESERVED
 CVE-2022-37019
@@ -256,6 +300,7 @@ CVE-2022-2555
 CVE-2022-2554
        RESERVED
 CVE-2022-2553 (The authfile directive in the booth config file is ignored, 
preventing ...)
+       {DSA-5194-1}
        - booth <unfixed>
        NOTE: https://github.com/ClusterLabs/booth/issues/114
 CVE-2022-2552
@@ -2191,8 +2236,8 @@ CVE-2022-36125
        RESERVED
 CVE-2022-36124
        RESERVED
-CVE-2022-36123
-       RESERVED
+CVE-2022-36123 (The Linux kernel before 5.18.13 lacks a certain clear 
operation for th ...)
+       TODO: check
 CVE-2022-36122
        RESERVED
 CVE-2022-36121
@@ -3060,6 +3105,7 @@ CVE-2022-2400 (External Control of File Name or Path in 
GitHub repository dompdf
        NOTE: https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a
        NOTE: 
https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a
 CVE-2022-2399 (Use after free in WebGPU in Google Chrome prior to 
100.0.4896.88 allow ...)
+       {DSA-5120-1}
        - chromium 100.0.4896.88-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-35741 (Apache CloudStack version 4.5.0 and later has a SAML 2.0 
authenticatio ...)
@@ -3293,8 +3339,8 @@ CVE-2022-35645
        RESERVED
 CVE-2022-35644
        RESERVED
-CVE-2022-35643
-       RESERVED
+CVE-2022-35643 (IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper 
with syst ...)
+       TODO: check
 CVE-2022-35642
        RESERVED
 CVE-2022-35641
@@ -3315,14 +3361,14 @@ CVE-2022-35634
        RESERVED
 CVE-2022-35633
        RESERVED
-CVE-2022-35632
-       RESERVED
-CVE-2022-35631
-       RESERVED
-CVE-2022-35630
-       RESERVED
-CVE-2022-35629
-       RESERVED
+CVE-2022-35632 (The Velociraptor GUI contains an editor suggestion feature 
that can di ...)
+       TODO: check
+CVE-2022-35631 (On MacOS and Linux, it may be possible to perform a symlink 
attack by  ...)
+       TODO: check
+CVE-2022-35630 (A cross-site scripting (XSS) issue in generating a collection 
report m ...)
+       TODO: check
+CVE-2022-35629 (Due to a bug in the handling of the communication between the 
client a ...)
+       TODO: check
 CVE-2022-35628 (A SQL injection issue was discovered in the lux extension 
before 17.6. ...)
        NOT-FOR-US: TYPO3 extension
 CVE-2022-35627
@@ -7988,8 +8034,8 @@ CVE-2022-33883
        RESERVED
 CVE-2022-33882
        RESERVED
-CVE-2022-33881
-       RESERVED
+CVE-2022-33881 (Parsing a maliciously crafted PRT file can force Autodesk 
AutoCAD 2023 ...)
+       TODO: check
 CVE-2022-33311
        RESERVED
 CVE-2022-33151
@@ -14878,8 +14924,8 @@ CVE-2022-1801 (The Very Simple Contact Form WordPress 
plugin before 11.6 exposes
        NOT-FOR-US: WordPress plugin
 CVE-2022-1800 (The Export any WordPress data to XML/CSV WordPress plugin 
before 1.3.5 ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1799
-       RESERVED
+CVE-2022-1799 (Incorrect signature trust exists within Google Play services 
SDK play- ...)
+       TODO: check
 CVE-2022-1798
        RESERVED
 CVE-2022-31215 (In certain Goverlan products, the Windows Firewall is 
temporarily turn ...)
@@ -22342,8 +22388,8 @@ CVE-2022-1279 (A vulnerability in the encryption 
implementation of EBICS message
        NOT-FOR-US: ebics-java
 CVE-2022-1278
        RESERVED
-CVE-2022-1277
-       RESERVED
+CVE-2022-1277 (Inavitas Solar Log product has an unauthenticated SQL Injection 
vulner ...)
+       TODO: check
 CVE-2022-1276 (Out-of-bounds Read in mrb_get_args in GitHub repository 
mruby/mruby pr ...)
        - mruby <not-affected> (Vulnerable code introduced later)
        NOTE: https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25
@@ -24835,8 +24881,8 @@ CVE-2022-27882 (slaacd in OpenBSD 6.9 and 7.0 before 
2022-03-22 has an integer s
        NOT-FOR-US: slaacd from OpenBSD
 CVE-2022-27881 (engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 
has a buff ...)
        NOT-FOR-US: slaacd from OpenBSD
-CVE-2022-27873
-       RESERVED
+CVE-2022-27873 (An attacker can force the victim&#8217;s device to perform 
arbitrary H ...)
+       TODO: check
 CVE-2022-27872 (A maliciously crafted PDF file may be used to dereference a 
pointer fo ...)
        NOT-FOR-US: Autodesk
 CVE-2022-27871 (Autodesk AutoCAD product suite, Revit, Design Review and 
Navisworks re ...)
@@ -30424,8 +30470,8 @@ CVE-2022-25171
        RESERVED
 CVE-2022-24913
        RESERVED
-CVE-2022-24912
-       RESERVED
+CVE-2022-24912 (The package 
github.com/runatlantis/atlantis/server/controllers/events  ...)
+       TODO: check
 CVE-2022-24909
        RESERVED
 CVE-2022-24441
@@ -77152,7 +77198,7 @@ CVE-2021-34688 (iDrive RemotePC before 7.6.48 on 
Windows allows information disc
 CVE-2021-34687 (iDrive RemotePC before 7.6.48 on Windows allows information 
disclosure ...)
        NOT-FOR-US: iDrive RemotePC
 CVE-2021-3601
-       RESERVED
+       REJECTED
        - openssl1.0 <removed>
        [stretch] - openssl1.0 <ignored> (Minor issue, upstream does not want 
to change the behavior in this old version)
        - openssl 1.1.0b-2
@@ -374556,7 +374602,7 @@ CVE-2016-4983 (A postinstall script in the dovecot 
rpm allows local users to rea
 CVE-2016-4982 (authd sets weak permissions for /etc/ident.key, which allows 
local use ...)
        NOT-FOR-US: authd
 CVE-2016-4981
-       RESERVED
+       REJECTED
 CVE-2016-4980 (A password generation weakness exists in xquest through 
2016-06-13. ...)
        NOT-FOR-US: Red Hat xguest kiosk mode
 CVE-2016-4979 (The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 
and mod_s ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea8c713068d25a5d380135b49b2e35eb1d003205

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea8c713068d25a5d380135b49b2e35eb1d003205
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to