Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ea3ba10 by security tracker role at 2022-08-05T08:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2022-37431 (A Reflected Cross-site scripting (XSS) issue was discovered in 
dotCMS  ...)
+       TODO: check
+CVE-2022-37430
+       RESERVED
+CVE-2022-37429
+       RESERVED
+CVE-2022-37428
+       RESERVED
+CVE-2022-37427
+       RESERVED
+CVE-2022-37426
+       RESERVED
+CVE-2022-37425
+       RESERVED
+CVE-2022-37424
+       RESERVED
+CVE-2022-37423
+       RESERVED
+CVE-2022-37422
+       RESERVED
+CVE-2022-37421
+       RESERVED
+CVE-2022-37420
+       RESERVED
+CVE-2022-37419
+       RESERVED
+CVE-2022-37418
+       RESERVED
+CVE-2022-37417
+       RESERVED
+CVE-2022-37416 (Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping 
memory  ...)
+       TODO: check
+CVE-2022-37415 (The Uniwill SparkIO.sys driver 1.0 is vulnerable to a 
stack-based buff ...)
+       TODO: check
+CVE-2022-37414
+       RESERVED
+CVE-2022-37413
+       RESERVED
+CVE-2022-37401
+       RESERVED
+CVE-2022-37400
+       RESERVED
+CVE-2022-37399
+       RESERVED
+CVE-2022-37398
+       RESERVED
+CVE-2022-36350
+       RESERVED
+CVE-2022-2667
+       RESERVED
+CVE-2022-2666
+       RESERVED
+CVE-2022-2665
+       RESERVED
+CVE-2022-2664
+       RESERVED
+CVE-2020-36591
+       RESERVED
+CVE-2020-36590
+       RESERVED
+CVE-2020-36589
+       RESERVED
+CVE-2020-36588
+       RESERVED
+CVE-2020-36587
+       RESERVED
+CVE-2020-36586
+       RESERVED
+CVE-2020-36585
+       RESERVED
+CVE-2020-36584
+       RESERVED
+CVE-2020-36583
+       RESERVED
+CVE-2020-36582
+       RESERVED
+CVE-2020-36581
+       RESERVED
+CVE-2020-36580
+       RESERVED
+CVE-2020-36579
+       RESERVED
+CVE-2020-36578
+       RESERVED
+CVE-2020-36577
+       RESERVED
+CVE-2020-36576
+       RESERVED
+CVE-2020-36575
+       RESERVED
+CVE-2020-36574
+       RESERVED
+CVE-2020-36573
+       RESERVED
+CVE-2020-36572
+       RESERVED
+CVE-2020-36571
+       RESERVED
+CVE-2020-36570
+       RESERVED
 CVE-2022-2663
        RESERVED
 CVE-2022-2662
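Review bot: the three entries that arrive with descriptions at the top of this hunk (CVE-2022-37431 dotCMS, CVE-2022-37416 Ittiam libmpeg2, CVE-2022-37415 Uniwill SparkIO.sys) are all left at "TODO: check", so none of them has a package or NOT-FOR-US decision yet and each needs a manual triage pass. The newly reserved IDs are also inserted as one block above CVE-2022-2663, which puts CVE-2022-36350 and CVE-2020-36591 through CVE-2020-36570 between CVE-2022-37398 and CVE-2022-2667/2663, out of numeric order; anyone filling in their descriptions later has to look for them here.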
@@ -943,8 +1043,7 @@ CVE-2022-37032
        RESERVED
 CVE-2022-37031
        RESERVED
-CVE-2022-37030
-       RESERVED
+CVE-2022-37030 (Weak permissions on the configuration file in the PAM module 
in Grommu ...)
        NOT-FOR-US: Gromox
 CVE-2022-37029
        RESERVED
@@ -3654,16 +3753,16 @@ CVE-2022-35932
        RESERVED
 CVE-2022-35931
        RESERVED
-CVE-2022-35930
-       RESERVED
-CVE-2022-35929
-       RESERVED
+CVE-2022-35930 (PolicyController is a utility used to enforce supply chain 
policy in K ...)
+       TODO: check
+CVE-2022-35929 (cosign is a container signing and verification utility. In 
versions pr ...)
+       TODO: check
 CVE-2022-35928 (AES Crypt is a file encryption software for multiple 
platforms. AES Cr ...)
        NOT-FOR-US: AES Crypt
-CVE-2022-35927
-       RESERVED
-CVE-2022-35926
-       RESERVED
+CVE-2022-35927 (Contiki-NG is an open-source, cross-platform operating system 
for IoT  ...)
+       TODO: check
+CVE-2022-35926 (Contiki-NG is an open-source, cross-platform operating system 
for IoT  ...)
+       TODO: check
 CVE-2022-35925 (BookWyrm is a social network for tracking reading. Versions 
prior to 0 ...)
        NOT-FOR-US: BookWyrm
 CVE-2022-35924 (NextAuth.js is a complete open source authentication solution 
for Next ...)
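Review bot: CVE-2022-35927 and CVE-2022-35926 are both Contiki-NG and both left at "TODO: check"; resolve them together with CVE-2021-32771, which this same commit also opens for Contiki-NG, so the product gets one consistent tag. CVE-2022-35930 (PolicyController) and CVE-2022-35929 (cosign) are described as supply-chain policy and container signing utilities, so they warrant an actual package lookup before a tag is chosen.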
@@ -3893,8 +3992,8 @@ CVE-2022-35860
        RESERVED
 CVE-2022-35859
        RESERVED
-CVE-2022-35858
-       RESERVED
+CVE-2022-35858 (The TEE_PopulateTransientObject and __utee_from_attr functions 
in Sams ...)
+       TODO: check
 CVE-2022-35857 (kvf-admin through 2022-02-12 allows remote attackers to 
execute arbitr ...)
        NOT-FOR-US: kvf-admin
 CVE-2022-35856
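Review bot: the description added for CVE-2022-35858 is cut off at "in Sams ...", so the affected product cannot be read from this line; whoever closes the "TODO: check" should read the full CVE record first rather than tagging from the truncated text.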
@@ -5568,12 +5667,12 @@ CVE-2022-35146
        RESERVED
 CVE-2022-35145
        RESERVED
-CVE-2022-35144
-       RESERVED
-CVE-2022-35143
-       RESERVED
-CVE-2022-35142
-       RESERVED
+CVE-2022-35144 (Renato v0.17.0 was discovered to contain a cross-site 
scripting (XSS)  ...)
+       TODO: check
+CVE-2022-35143 (Renato v0.17.0 employs weak password complexity requirements, 
allowing ...)
+       TODO: check
+CVE-2022-35142 (An issue in Renato v0.17.0 allows attackers to cause a Denial 
of Servi ...)
+       TODO: check
 CVE-2022-35141
        RESERVED
 CVE-2022-35140
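Review bot: CVE-2022-35144, CVE-2022-35143 and CVE-2022-35142 all name Renato v0.17.0 and are each left at "TODO: check"; triage them in one pass and give all three the same product string so later searches by product find the whole set.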
@@ -5870,8 +5969,8 @@ CVE-2022-34995
        RESERVED
 CVE-2022-34994
        RESERVED
-CVE-2022-34993
-       RESERVED
+CVE-2022-34993 (Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a 
hard code  ...)
+       TODO: check
 CVE-2022-34992 (Luadec v0.9.9 was discovered to contain a heap-buffer overflow 
via the ...)
        TODO: check
 CVE-2022-34991 (Paymoney v3.3 was discovered to contain multiple reflected 
cross-site  ...)
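Review bot: CVE-2022-34993 names a specific Totolink A3600R firmware build, which reads like vendor router firmware rather than a packaged source, so its "TODO: check" looks like a NOT-FOR-US candidate. The context entry CVE-2022-34992 (Luadec) directly below is still at "TODO: check" as well and can be handled in the same pass.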
@@ -5916,8 +6015,8 @@ CVE-2022-34972 (So Filter Shop v3.x was discovered to 
contain multiple blind SQL
        NOT-FOR-US: So Filter Shop
 CVE-2022-34971 (An arbitrary file upload vulnerability in the Advertising 
Management m ...)
        NOT-FOR-US: Feehi CMS
-CVE-2022-34970
-       RESERVED
+CVE-2022-34970 (Crow before v1.0+4 was discovered to contain a buffer overflow 
via the ...)
+       TODO: check
 CVE-2022-34969 (PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer 
dereferen ...)
        NOT-FOR-US: pingcap/tidb
 CVE-2022-34968 (An issue in the fetch_step function in Percona Server for 
MySQL v8.0.2 ...)
@@ -14281,8 +14380,8 @@ CVE-2022-1927 (Buffer Over-read in GitHub repository 
vim/vim prior to 8.2. ...)
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-1926 (Integer Overflow or Wraparound in GitHub repository 
polonel/trudesk pr ...)
        NOT-FOR-US: Trudesk
-CVE-2022-31793
-       RESERVED
+CVE-2022-31793 (do_request in request.c in muhttpd before 1.1.7 allows remote 
attacker ...)
+       TODO: check
 CVE-2022-31792
        RESERVED
 CVE-2022-31791
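Review bot: CVE-2022-31793 is a remotely reachable issue in do_request in request.c of muhttpd, with 1.1.7 given as the fixed version, and it is left at "TODO: check". If a muhttpd source package exists, record the 1.1.7 boundary on the package line when resolving this; if not, tag it NOT-FOR-US as the neighbouring Trudesk entry does.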
@@ -31749,8 +31848,8 @@ CVE-2022-21189 (The package dexie before 3.2.2, from 
4.0.0-alpha.1 and before 4.
        NOT-FOR-US: dexie
 CVE-2022-21187 (The package libvcs before 0.11.1 are vulnerable to Command 
Injection v ...)
        NOT-FOR-US: libvcs
-CVE-2022-21186
-       RESERVED
+CVE-2022-21186 (The package @acrontum/filesystem-template before 0.0.2 are 
vulnerable  ...)
+       TODO: check
 CVE-2022-21169
        RESERVED
 CVE-2022-21167 (All versions of package masuit.tools.core are vulnerable to 
Arbitrary  ...)
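Review bot: CVE-2022-21186 concerns the scoped package @acrontum/filesystem-template before 0.0.2 and is left at "TODO: check", while the adjacent package-registry entries (dexie, libvcs) were closed as NOT-FOR-US; apply the same check here and use the full scoped name in the tag so it stays searchable.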
@@ -83161,8 +83260,8 @@ CVE-2021-32773 (Racket is a general-purpose programming 
language and an ecosyste
        NOTE: 
https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c
 CVE-2021-32772 (Poddycast is a podcast app made with Electron. Prior to 
version 0.8.1, ...)
        NOT-FOR-US: Poddycast
-CVE-2021-32771
-       RESERVED
+CVE-2021-32771 (Contiki-NG is an open-source, cross-platform operating system 
for IoT  ...)
+       TODO: check
 CVE-2021-32770 (Gatsby is a framework for building websites. The 
gatsby-source-wordpre ...)
        NOT-FOR-US: Gatsby
 CVE-2021-32769 (Micronaut is a JVM-based, full stack Java framework designed 
for build ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ea3ba1038db7085ffac81f9c7cdd83b0ceb42a5
