Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d7e26f1 by security tracker role at 2022-08-24T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2022-38730
+       RESERVED
+CVE-2022-38729
+       RESERVED
+CVE-2022-38728
+       RESERVED
+CVE-2022-38727
+       RESERVED
+CVE-2022-38726
+       RESERVED
+CVE-2022-38725
+       RESERVED
+CVE-2022-38724
+       RESERVED
+CVE-2022-38723
+       RESERVED
+CVE-2022-38722
+       RESERVED
+CVE-2022-38721
+       RESERVED
+CVE-2022-38720
+       RESERVED
+CVE-2022-38719
+       RESERVED
+CVE-2022-38718
+       RESERVED
+CVE-2022-38717
+       RESERVED
+CVE-2022-2977
+       RESERVED
+CVE-2022-2976
+       RESERVED
+CVE-2022-2975
+       RESERVED
+CVE-2022-2974
+       RESERVED
+CVE-2020-36601
+       RESERVED
+CVE-2020-36600
+       RESERVED
 CVE-2022-38714
        RESERVED
 CVE-2022-38713
@@ -218,8 +258,7 @@ CVE-2022-2940
        RESERVED
 CVE-2022-2939
        RESERVED
-CVE-2022-2938
-       RESERVED
+CVE-2022-2938 (A flaw was found in the Linux kernel's implementation of 
Pressure Stal ...)
        - linux 5.16.7-1
        [bullseye] - linux 5.10.103-1
        [buster] - linux <not-affected> (Vulnerable code not present)
@@ -721,8 +760,8 @@ CVE-2022-2900
        RESERVED
 CVE-2022-38464
        RESERVED
-CVE-2022-38463
-       RESERVED
+CVE-2022-38463 (ServiceNow through San Diego Patch 4b and Patch 6 allows 
reflected XSS ...)
+       TODO: check
 CVE-2022-38462
        RESERVED
 CVE-2022-38450
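
Review bot: the `TODO: check` added under CVE-2022-38463 leaves this entry untriaged. The description names ServiceNow; if no Debian source package ships it, replace the marker with a `NOT-FOR-US:` line naming the product so the entry is closed out.
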
@@ -1749,8 +1788,8 @@ CVE-2022-38145
        RESERVED
 CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key 
could be wr ...)
        NOT-FOR-US: JetBrains TeamCity
-CVE-2022-38132
-       RESERVED
+CVE-2022-38132 (Command injection vulnerability in Linksys MR8300 router while 
Registr ...)
+       TODO: check
 CVE-2022-38131
        RESERVED
 CVE-2022-38130 (The 
com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip ...)
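
Review bot: CVE-2022-38132 gets `TODO: check`, while the CVE-2022-38133 entry just above it in the same hunk shows the resolved form, `NOT-FOR-US: JetBrains TeamCity`. The description concerns a Linksys MR8300 router, so the same kind of `NOT-FOR-US:` line is the expected outcome once someone confirms nothing in the archive carries that firmware.
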
@@ -3418,8 +3457,8 @@ CVE-2022-37420
        RESERVED
 CVE-2022-37419
        RESERVED
-CVE-2022-37418
-       RESERVED
+CVE-2022-37418 (The Remote Keyless Entry (RKE) receiving unit on certain 
Nissan, Kia,  ...)
+       TODO: check
 CVE-2022-37417
        RESERVED
 CVE-2022-37416 (Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping 
memory  ...)
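
Review bot: the `TODO: check` on CVE-2022-37418 should be resolved together with CVE-2022-37305 and CVE-2022-36945 further down in this diff. All three descriptions open with "The Remote Keyless Entry (RKE) receiving unit on certain ..." and differ only in the vehicle make, so they should end up with one consistent disposition rather than being triaged separately.
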
@@ -3748,8 +3787,8 @@ CVE-2022-37307
        RESERVED
 CVE-2022-37306
        RESERVED
-CVE-2022-37305
-       RESERVED
+CVE-2022-37305 (The Remote Keyless Entry (RKE) receiving unit on certain Honda 
vehicle ...)
+       TODO: check
 CVE-2022-36426
        RESERVED
 CVE-2022-36397
@@ -4759,8 +4798,8 @@ CVE-2022-36946 (nfqnl_mangle in 
net/netfilter/nfnetlink_queue.c in the Linux ker
        - linux 5.18.16-1
        NOTE: https://marc.info/?l=netfilter-devel&m=165883202007292&w=2
        NOTE: Fixed by: 
https://git.kernel.org/linus/99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
-CVE-2022-36945
-       RESERVED
+CVE-2022-36945 (The Remote Keyless Entry (RKE) receiving unit on certain Mazda 
vehicle ...)
+       TODO: check
 CVE-2022-36944
        RESERVED
 CVE-2022-36797
@@ -18359,8 +18398,7 @@ CVE-2022-31678
        RESERVED
 CVE-2022-31677
        RESERVED
-CVE-2022-31676
-       RESERVED
+CVE-2022-31676 (VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local 
privilege es ...)
        - open-vm-tools <unfixed> (bug #1018012)
        NOTE: Fixed by: 
https://github.com/vmware/open-vm-tools/commit/70a74758bfe0042c27f15ce590fb21a2bc54d745
 (stable-12.1.0)
        NOTE: 
https://github.com/vmware/open-vm-tools/blob/CVE-2022-31676.patch/1205-Properly-check-authorization-on-incoming-guestOps-re.patch
@@ -35108,8 +35146,8 @@ CVE-2022-25906
        RESERVED
 CVE-2022-25904
        RESERVED
-CVE-2022-25903
-       RESERVED
+CVE-2022-25903 (The package opcua from 0.0.0 are vulnerable to Denial of 
Service (DoS) ...)
+       TODO: check
 CVE-2022-25902
        RESERVED
 CVE-2022-25901
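
Review bot: the description added for CVE-2022-25903 is cut at "The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...", which does not say which language ecosystem the opcua package belongs to. Whoever clears the `TODO: check` needs the full CVE text to identify the package before choosing between a `NOT-FOR-US:` line and a Debian source package entry.
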
@@ -35346,8 +35384,8 @@ CVE-2022-24377
        RESERVED
 CVE-2022-24376 (All versions of package git-promise are vulnerable to Command 
Injectio ...)
        NOT-FOR-US: Node git-promise
-CVE-2022-24375
-       RESERVED
+CVE-2022-24375 (The package node-opcua before 2.74.0 are vulnerable to Denial 
of Servi ...)
+       TODO: check
 CVE-2022-24373
        RESERVED
 CVE-2022-24298 (All versions of package freeopcua/freeopcua are vulnerable to 
Denial o ...)
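
Review bot: CVE-2022-24375 is left at `TODO: check` directly below CVE-2022-24376, which is already marked `NOT-FOR-US: Node git-promise`. If node-opcua is likewise not packaged, use the same `NOT-FOR-US: Node ...` form here; the "before 2.74.0" bound in the description only matters if a package does exist.
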
@@ -54822,8 +54860,7 @@ CVE-2021-3998 [Unexpected return value from realpath() 
for too long results]
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ee8d5e33adb284601c00c94687bc907e10aec9bb
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7a79879c0b2bef0dadd6caaaeeb0d26423e04e5
        NOTE: introduced in 2.33 by: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c6e0b0b5b0b7922cdf0dce2af671e0c7e500df95
-CVE-2021-3997 [Uncontrolled recursion in systemd's systemd-tmpfiles]
-       RESERVED
+CVE-2021-3997 (A flaw was found in systemd. An uncontrolled recursion in 
systemd-tmpf ...)
        - systemd 250.2-1 (bug #1003467)
        [bullseye] - systemd 247.3-7
        [buster] - systemd <ignored> (Minor issue; not exploitable before 
upstream commit e535840)
@@ -54838,8 +54875,7 @@ CVE-2021-3997 [Uncontrolled recursion in systemd's 
systemd-tmpfiles]
        NOTE: Fixed by: 
https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
 CVE-2021-44079 (In the wazuh-slack active response script in Wazuh 4.2.x 
before 4.2.5, ...)
        NOT-FOR-US: Wazuh
-CVE-2021-3996
-       RESERVED
+CVE-2021-3996 (A logic error was found in the libmount library of util-linux 
in the f ...)
        {DSA-5055-1}
        - util-linux 2.37.3-1
        [buster] - util-linux <not-affected> (Vulnerable code introduced later)
@@ -54848,8 +54884,7 @@ CVE-2021-3996
        NOTE: Fixed by: 
https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b
 (v2.37.3)
        NOTE: 
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2
-CVE-2021-3995
-       RESERVED
+CVE-2021-3995 (A logic error was found in the libmount library of util-linux 
in the f ...)
        {DSA-5055-1}
        - util-linux 2.37.3-1
        [buster] - util-linux <not-affected> (Vulnerable code introduced later)
@@ -55088,8 +55123,7 @@ CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not 
properly validate respon
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/7
 CVE-2021-3976 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
        NOT-FOR-US: kimai2
-CVE-2021-3975 [segmentation fault during VM shutdown can lead to vdsm hung]
-       RESERVED
+CVE-2021-3975 (A use-after-free flaw was found in libvirt. The 
qemuMonitorUnregister( ...)
        - libvirt 7.6.0-1
        [bullseye] - libvirt <no-dsa> (Minor issue)
        [buster] - libvirt <no-dsa> (Minor issue)
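
Review bot: the summary for CVE-2021-3975 changes from "[segmentation fault during VM shutdown can lead to vdsm hung]" to a use-after-free in libvirt, but the `<no-dsa> (Minor issue)` lines for bullseye and buster are carried over unchanged. It is worth confirming that the "Minor issue" rating still holds against the published description, and adding a NOTE with the reasoning if it does.
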
@@ -59623,8 +59657,7 @@ CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 
happily processes a chain
        - rpki-client 7.5-1
        NOTE: 
https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
        NOTE: https://github.com/NLnetLabs/routinator/pull/665
-CVE-2021-3917
-       RESERVED
+CVE-2021-3917 (A flaw was found in the coreos-installer, where it writes the 
Ignition ...)
        NOT-FOR-US: coreos-installer
 CVE-2021-43171
        RESERVED
@@ -120702,9 +120735,9 @@ CVE-2020-35517 (A flaw was found in qemu. A host 
privilege escalation issue was
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html
        NOTE: https://www.openwall.com/lists/oss-security/2021/01/22/1
 CVE-2020-35516
-       RESERVED
+       REJECTED
 CVE-2020-35515
-       RESERVED
+       REJECTED
 CVE-2020-35514 (An insecure modification flaw in the 
/etc/kubernetes/kubeconfig file w ...)
        NOT-FOR-US: OpenShift
 CVE-2020-35513 (A flaw incorrect umask during file or directory modification 
in the Li ...)
@@ -120721,8 +120754,8 @@ CVE-2020-35512 (A use-after-free flaw was found in 
D-Bus Development branch &lt;
        NOTE: 
https://gitlab.freedesktop.org/dbus/dbus/-/commit/2b7948ef907669e844b52c4fa2268d6e3162a70c
 (dbus-1.13.18)
        NOTE: 
https://gitlab.freedesktop.org/dbus/dbus/-/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60
 (dbus-1.12.20)
        NOTE: 
https://gitlab.freedesktop.org/dbus/dbus/-/commit/dc94fe3d31adf72259adc31f343537151a6c0bdd
 (dbus-1.10.32)
-CVE-2020-35511
-       RESERVED
+CVE-2020-35511 (A global buffer overflow was discovered in pngcheck function 
in pngche ...)
+       TODO: check
 CVE-2020-35510 (A flaw was found in jboss-remoting in versions before 
5.0.20.SP1-redha ...)
        - libjboss-remoting-java <removed>
 CVE-2020-35509 (A flaw was found in keycloak affecting versions 11.0.3 and 
12.0.0. An  ...)
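
Review bot: of the `TODO: check` entries in this update, CVE-2020-35511 is the one that names a standalone tool, pngcheck, rather than an appliance or hosted product, so it should not be closed as `NOT-FOR-US` by default. Check whether a pngcheck source package exists and, if so, replace the marker with package lines in the form used elsewhere in this file, e.g. `- linux 5.16.7-1` with per-release `[bullseye]` / `[buster]` lines.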



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d7e26f12a350e767c48466d1e6150baea0f4adc

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
