Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f32b2c8a by security tracker role at 2022-08-13T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2022-38216
+       RESERVED
+CVE-2022-38215
+       RESERVED
+CVE-2022-38214
+       RESERVED
+CVE-2022-38213
+       RESERVED
+CVE-2022-38212
+       RESERVED
+CVE-2022-38211
+       RESERVED
+CVE-2022-38210
+       RESERVED
+CVE-2022-38209
+       RESERVED
+CVE-2022-38208
+       RESERVED
+CVE-2022-38207
+       RESERVED
+CVE-2022-38206
+       RESERVED
+CVE-2022-38205
+       RESERVED
+CVE-2022-38204
+       RESERVED
+CVE-2022-38203
+       RESERVED
+CVE-2022-38202
+       RESERVED
+CVE-2022-38201
+       RESERVED
+CVE-2022-38200
+       RESERVED
+CVE-2022-38199
+       RESERVED
+CVE-2022-38198
+       RESERVED
+CVE-2022-38197
+       RESERVED
+CVE-2022-38196
+       RESERVED
+CVE-2022-38195
+       RESERVED
+CVE-2022-38194
+       RESERVED
+CVE-2022-38193
+       RESERVED
+CVE-2022-38192
+       RESERVED
+CVE-2022-38191
+       RESERVED
+CVE-2022-38190
+       RESERVED
+CVE-2022-38189
+       RESERVED
+CVE-2022-38188
+       RESERVED
+CVE-2022-38187
+       RESERVED
+CVE-2022-38186
+       RESERVED
+CVE-2022-38185
+       RESERVED
+CVE-2022-38184
+       RESERVED
+CVE-2022-38183 (In Gitea before 1.16.9, it was possible for users to add 
existing issu ...)
+       TODO: check
+CVE-2022-38182
+       RESERVED
+CVE-2022-38181
+       RESERVED
+CVE-2022-2809
+       RESERVED
 CVE-2022-38180 (In JetBrains Ktor before 2.1.0 the wrong authentication 
provider could ...)
        NOT-FOR-US: JetBrains Ktor
 CVE-2022-38179 (JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File 
Downloa ...)
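
Review bot: CVE-2022-38183 is the only entry added in this hunk that arrives with a description, and it is left at "TODO: check" while the Ktor entry directly below it (CVE-2022-38180) is already resolved to NOT-FOR-US. The description names Gitea before 1.16.9, so this one needs a manual decision (a package line with a fixed version, or NOT-FOR-US) before the TODO is cleared. The RESERVED additions need no action.
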
@@ -14,22 +88,22 @@ CVE-2022-2806
        RESERVED
 CVE-2022-2805
        RESERVED
-CVE-2022-2804
-       RESERVED
-CVE-2022-2803
-       RESERVED
-CVE-2022-2802
-       RESERVED
-CVE-2022-2801
-       RESERVED
-CVE-2022-2800
-       RESERVED
+CVE-2022-2804 (A vulnerability was found in SourceCodester Zoo Management 
System. It  ...)
+       TODO: check
+CVE-2022-2803 (A vulnerability was found in SourceCodester Zoo Management 
System and  ...)
+       TODO: check
+CVE-2022-2802 (A vulnerability has been found in SourceCodester Gas Agency 
Management ...)
+       TODO: check
+CVE-2022-2801 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2022-2800 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
 CVE-2022-2799
        RESERVED
 CVE-2022-2798
        RESERVED
-CVE-2022-2797
-       RESERVED
+CVE-2022-2797 (A vulnerability classified as critical was found in 
SourceCodester Stu ...)
+       TODO: check
 CVE-2022-2796
        RESERVED
 CVE-2022-2795
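
Review bot: all six entries that leave RESERVED here are set to "TODO: check", although CVE-2022-2804, CVE-2022-2803, CVE-2022-2802 and CVE-2022-2797 name SourceCodester products in their descriptions. The same file already tags a SourceCodester product as NOT-FOR-US (the CVE-2022-2648 context further down), so those four can be resolved the same way. CVE-2022-2801 and CVE-2022-2800 are truncated before the product name and need the full record before they are tagged.
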
@@ -1842,11 +1916,9 @@ CVE-2022-37414
        RESERVED
 CVE-2022-37413
        RESERVED
-CVE-2022-37401
-       RESERVED
+CVE-2022-37401 (Apache OpenOffice supports the storage of passwords for web 
connection ...)
        NOT-FOR-US: Apache OpenOffice
-CVE-2022-37400
-       RESERVED
+CVE-2022-37400 (Apache OpenOffice supports the storage of passwords for web 
connection ...)
        NOT-FOR-US: Apache OpenOffice
 CVE-2022-37399
        RESERVED
@@ -1943,8 +2015,8 @@ CVE-2022-2648 (A vulnerability was found in 
SourceCodester Multi Language Hotel
        NOT-FOR-US: SourceCodester Multi Language Hotel Management Software
 CVE-2022-2647 (A vulnerability was found in jeecg-boot. It has been declared 
as criti ...)
        NOT-FOR-US: Jeecg-boot
-CVE-2022-37397
-       RESERVED
+CVE-2022-37397 (An issue was discovered in the YugabyteDB 2.6.1 when using 
LDAP-based  ...)
+       TODO: check
 CVE-2022-37345
        RESERVED
 CVE-2022-37334
@@ -2187,113 +2259,91 @@ CVE-2022-2625 [extension scripts replace objects not 
owned by the extension]
        [bullseye] - postgresql-13 <postponed> (Minor issue, fix along in next 
update)
        - postgresql-11 <removed>
        NOTE: https://www.postgresql.org/support/security/CVE-2022-2625/
-CVE-2022-2624
-       RESERVED
+CVE-2022-2624 (Heap buffer overflow in PDF in Google Chrome prior to 
104.0.5112.79 al ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2623
-       RESERVED
+CVE-2022-2623 (Use after free in Offline in Google Chrome on Android prior to 
104.0.5 ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2622
-       RESERVED
+CVE-2022-2622 (Insufficient validation of untrusted input in Safe Browsing in 
Google  ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2621
-       RESERVED
+CVE-2022-2621 (Use after free in Extensions in Google Chrome prior to 
104.0.5112.79 a ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2620
-       RESERVED
+CVE-2022-2620 (Use after free in WebUI in Google Chrome on Chrome OS prior to 
104.0.5 ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2619
-       RESERVED
+CVE-2022-2619 (Insufficient validation of untrusted input in Settings in 
Google Chrom ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2618
-       RESERVED
+CVE-2022-2618 (Insufficient validation of untrusted input in Internals in 
Google Chro ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2617
-       RESERVED
+CVE-2022-2617 (Use after free in Extensions API in Google Chrome prior to 
104.0.5112. ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2616
-       RESERVED
+CVE-2022-2616 (Inappropriate implementation in Extensions API in Google Chrome 
prior  ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2615
-       RESERVED
+CVE-2022-2615 (Insufficient policy enforcement in Cookies in Google Chrome 
prior to 1 ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2614
-       RESERVED
+CVE-2022-2614 (Use after free in Sign-In Flow in Google Chrome prior to 
104.0.5112.79 ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2613
-       RESERVED
+CVE-2022-2613 (Use after free in Input in Google Chrome on Chrome OS prior to 
104.0.5 ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2612
-       RESERVED
+CVE-2022-2612 (Side-channel information leakage in Keyboard input in Google 
Chrome pr ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2611
-       RESERVED
+CVE-2022-2611 (Inappropriate implementation in Fullscreen API in Google Chrome 
on And ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2610
-       RESERVED
+CVE-2022-2610 (Insufficient policy enforcement in Background Fetch in Google 
Chrome p ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2609
-       RESERVED
+CVE-2022-2609 (Use after free in Nearby Share in Google Chrome on Chrome OS 
prior to  ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2608
-       RESERVED
+CVE-2022-2608 (Use after free in Overview Mode in Google Chrome on Chrome OS 
prior to ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2607
-       RESERVED
+CVE-2022-2607 (Use after free in Tab Strip in Google Chrome on Chrome OS prior 
to 104 ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2606
-       RESERVED
+CVE-2022-2606 (Use after free in Managed devices API in Google Chrome prior to 
104.0. ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2605
-       RESERVED
+CVE-2022-2605 (Out of bounds read in Dawn in Google Chrome prior to 
104.0.5112.79 all ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2604
-       RESERVED
+CVE-2022-2604 (Use after free in Safe Browsing in Google Chrome prior to 
104.0.5112.7 ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2603
-       RESERVED
+CVE-2022-2603 (Use after free in Omnibox in Google Chrome prior to 
104.0.5112.79 allo ...)
        {DSA-5201-1}
        - chromium 104.0.5112.79-1
        [buster] - chromium <end-of-life> (see DSA 5046)
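
Review bot: several of the descriptions filled in here are scoped to a single platform ("on Android" for CVE-2022-2623, apparently the same for the truncated CVE-2022-2611, and "on Chrome OS" for CVE-2022-2620, CVE-2022-2613, CVE-2022-2609, CVE-2022-2608 and CVE-2022-2607), yet each keeps its existing "- chromium 104.0.5112.79-1" line and {DSA-5201-1} reference unchanged. Now that the descriptions are available, confirm whether those platform-specific entries apply to the Debian chromium package at all, and adjust the package line or add a NOTE where they do not.
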
@@ -2910,8 +2960,8 @@ CVE-2022-2588
        - linux 5.18.16-1
        NOTE: 
https://lore.kernel.org/netdev/[email protected]/T/#u
        NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/6
-CVE-2022-2587
-       RESERVED
+CVE-2022-2587 (Out of bounds write in Chrome OS Audio Server in Google Chrome 
on Chro ...)
+       TODO: check
 CVE-2022-2586
        RESERVED
        - linux 5.18.16-1
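
Review bot: CVE-2022-2587 is described as an out of bounds write in the Chrome OS Audio Server and is left at "TODO: check" with no package line. The component named in the description is Chrome OS specific, so the follow-up should state explicitly whether it maps to any Debian source package rather than leaving the TODO open.
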
@@ -5506,8 +5556,8 @@ CVE-2022-35982
        RESERVED
 CVE-2022-35981
        RESERVED
-CVE-2022-35980
-       RESERVED
+CVE-2022-35980 (OpenSearch Security is a plugin for OpenSearch that offers 
encryption, ...)
+       TODO: check
 CVE-2022-35979
        RESERVED
 CVE-2022-35978
@@ -5554,22 +5604,22 @@ CVE-2022-35958
        RESERVED
 CVE-2022-35957
        RESERVED
-CVE-2022-35956
-       RESERVED
+CVE-2022-35956 (This Rails gem adds two methods to the ActiveRecord::Base 
class that a ...)
+       TODO: check
 CVE-2022-35955
        RESERVED
 CVE-2022-35954
        RESERVED
-CVE-2022-35953
-       RESERVED
+CVE-2022-35953 (BookWyrm is a social network for tracking your reading, 
talking about  ...)
+       TODO: check
 CVE-2022-35952
        RESERVED
 CVE-2022-35951
        RESERVED
 CVE-2022-35950
        RESERVED
-CVE-2022-35949
-       RESERVED
+CVE-2022-35949 (undici is an HTTP/1.1 client, written from scratch for 
Node.js.`undici ...)
+       TODO: check
 CVE-2022-35948
        RESERVED
 CVE-2022-35947
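
Review bot: the description for CVE-2022-35956 is truncated to "This Rails gem adds two methods to the ActiveRecord::Base class ..." and never names the gem, so its "TODO: check" cannot be resolved from this file alone; the triager needs the full CVE record to identify the source package. CVE-2022-35953 (BookWyrm) and CVE-2022-35949 (undici) name their projects and can be matched against the archive directly.
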
@@ -5580,10 +5630,10 @@ CVE-2022-35945
        RESERVED
 CVE-2022-35944
        RESERVED
-CVE-2022-35943
-       RESERVED
-CVE-2022-35942
-       RESERVED
+CVE-2022-35943 (Shield is an authentication and authorization framework for 
CodeIgnite ...)
+       TODO: check
+CVE-2022-35942 (Improper input validation on the `contains` LoopBack filter 
may allow  ...)
+       TODO: check
 CVE-2022-35941
        RESERVED
 CVE-2022-35940
@@ -60110,7 +60160,8 @@ CVE-2022-20361 (In btif_dm_auth_cmpl_evt of btif_dm.cc, 
there is a possible vuln
        NOT-FOR-US: Android
 CVE-2022-20360 (In setChecked of SecureNfcPreferenceController.java, there is 
a missin ...)
        NOT-FOR-US: Android
-CVE-2022-20359 (In various methods of NotificationManagerService.java, there 
is a poss ...)
+CVE-2022-20359
+       REJECTED
        TODO: check - not listed in linked bulletin
 CVE-2022-20358 (In startSync of AbstractThreadedSyncAdapter.java, there is a 
possible  ...)
        NOT-FOR-US: Android
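
Review bot: CVE-2022-20359 changes to REJECTED, but the context line "TODO: check - not listed in linked bulletin" stays attached to it. A rejected identifier needs no further triage, so that TODO line should be dropped in a follow-up; as it stands the entry still reads as open work.
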
@@ -95084,10 +95135,10 @@ CVE-2021-29120
        RESERVED
 CVE-2021-29119
        RESERVED
-CVE-2021-29118
-       RESERVED
-CVE-2021-29117
-       RESERVED
+CVE-2021-29118 (An out-of-bounds read vulnerability exists when parsing a 
specially cr ...)
+       TODO: check
+CVE-2021-29117 (A use-after-free vulnerability when parsing a specially 
crafted file i ...)
+       TODO: check
 CVE-2021-29116 (A stored Cross Site Scripting (XSS) vulnerability in Esri 
ArcGIS Serve ...)
        NOT-FOR-US: Esri ArcGIS Server
 CVE-2021-29115 (An information disclosure vulnerability in the ArcGIS Service 
Director ...)
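
Review bot: CVE-2021-29118 and CVE-2021-29117 get "TODO: check", and both truncated descriptions stop before the product name. CVE-2021-29116 directly below is Esri ArcGIS Server and tagged NOT-FOR-US, which suggests the same vendor block, but that should be confirmed against the full record rather than inferred from the number range before the same tag is applied.
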
@@ -95096,8 +95147,8 @@ CVE-2021-29114 (A SQL injection vulnerability in 
feature services provided by Es
        NOT-FOR-US: Esri ArcGIS
 CVE-2021-29113 (A remote file inclusion vulnerability in the ArcGIS Server 
help docume ...)
        NOT-FOR-US: ArcGIS Server
-CVE-2021-29112
-       RESERVED
+CVE-2021-29112 (An out-of-bounds read vulnerability exists when parsing a 
specially cr ...)
+       TODO: check
 CVE-2021-29111
        RESERVED
 CVE-2021-29110 (Stored cross-site scripting (XSS) issue in Esri Portal for 
ArcGIS may  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f32b2c8a59daee1f96d7bca2b324b1db227cd8d7
