Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
78a370a2 by security tracker role at 2022-09-14T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent
function i ...)
+ TODO: check
+CVE-2022-40673 (KDiskMark before 3.1.0 lacks authorization checking for D-Bus
methods ...)
+ TODO: check
+CVE-2022-40670
+ RESERVED
+CVE-2022-40669
+ RESERVED
+CVE-2022-40668
+ RESERVED
+CVE-2022-40667
+ RESERVED
+CVE-2022-40666
+ RESERVED
+CVE-2022-40665
+ RESERVED
+CVE-2022-40664
+ RESERVED
+CVE-2022-40663
+ RESERVED
+CVE-2022-40662
+ RESERVED
+CVE-2022-40661
+ RESERVED
+CVE-2022-40660
+ RESERVED
+CVE-2022-40659
+ RESERVED
+CVE-2022-40658
+ RESERVED
+CVE-2022-40657
+ RESERVED
+CVE-2022-40656
+ RESERVED
+CVE-2022-40655
+ RESERVED
+CVE-2022-40654
+ RESERVED
+CVE-2022-40653
+ RESERVED
+CVE-2022-40652
+ RESERVED
+CVE-2022-40651
+ RESERVED
+CVE-2022-40650
+ RESERVED
+CVE-2022-40649
+ RESERVED
+CVE-2022-40648
+ RESERVED
+CVE-2022-40647
+ RESERVED
+CVE-2022-40646
+ RESERVED
+CVE-2022-40645
+ RESERVED
+CVE-2022-40644
+ RESERVED
+CVE-2022-40643
+ RESERVED
+CVE-2022-40642
+ RESERVED
+CVE-2022-40641
+ RESERVED
+CVE-2022-40640
+ RESERVED
+CVE-2022-40639
+ RESERVED
+CVE-2022-40638
+ RESERVED
+CVE-2022-40637
+ RESERVED
+CVE-2022-40636
+ RESERVED
+CVE-2022-3210
+ RESERVED
+CVE-2022-31735
+ RESERVED
+CVE-2021-46838
+ RESERVED
CVE-2022-40635 (Improper Control of Dynamically-Managed Code Resources
vulnerability i ...)
NOT-FOR-US: Crafter Studio of Crafter CMS
CVE-2022-40634 (Improper Control of Dynamically-Managed Code Resources
vulnerability i ...)
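Review bot: the CVE-2022-40674 entry at the top of this hunk (libexpat before 2.4.9, use-after-free in doContent) is left at TODO: check, but expat is a Debian source package with a very large reverse-dependency set, so this TODO should be resolved ahead of the rest of the batch and the entry given a fixed-version line (and a DSA reference if one is issued) rather than waiting behind the run of RESERVED placeholders added below it. The CVE-2022-40673 KDiskMark entry next to it likewise needs a packaged-or-not decision before its TODO is cleared.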
@@ -18,8 +98,8 @@ CVE-2022-3207
RESERVED
CVE-2022-3206
RESERVED
-CVE-2022-3205
- RESERVED
+CVE-2022-3205 (An XSS exists in automation controller UI where the project
name is su ...)
+ TODO: check
CVE-2022-3204
RESERVED
CVE-2022-3203
@@ -57,18 +137,18 @@ CVE-2022-40628
RESERVED
CVE-2022-40627
RESERVED
-CVE-2022-40626
- RESERVED
+CVE-2022-40626 (An unauthenticated user can create a link with reflected
Javascript co ...)
+ TODO: check
CVE-2022-40625
RESERVED
CVE-2022-40624
RESERVED
-CVE-2022-40623
- RESERVED
-CVE-2022-40622
- RESERVED
-CVE-2022-40621
- RESERVED
+CVE-2022-40623 (The WAVLINK Quantum D4G (WN531G3) running firmware version
M31G3.V5030 ...)
+ TODO: check
+CVE-2022-40622 (The WAVLINK Quantum D4G (WN531G3) running firmware version
M31G3.V5030 ...)
+ TODO: check
+CVE-2022-40621 (Because the WAVLINK Quantum D4G (WN531G3) running firmware
version M31 ...)
+ TODO: check
CVE-2022-40620
RESERVED
CVE-2022-40619
@@ -119,8 +199,8 @@ CVE-2022-3184
RESERVED
CVE-2022-3183
RESERVED
-CVE-2022-3182
- RESERVED
+CVE-2022-3182 (Improper Access Control vulnerability in the Duo SMS two-factor
of Dev ...)
+ TODO: check
CVE-2022-40606
RESERVED
CVE-2022-40605
@@ -1844,22 +1924,22 @@ CVE-2022-39823
RESERVED
CVE-2022-39822
RESERVED
-CVE-2022-39821
- RESERVED
+CVE-2022-39821 (In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information
into an ...)
+ TODO: check
CVE-2022-39820
RESERVED
-CVE-2022-39819
- RESERVED
+CVE-2022-39819 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection
vulnerabilities ...)
+ TODO: check
CVE-2022-39818
RESERVED
-CVE-2022-39817
- RESERVED
-CVE-2022-39816
- RESERVED
-CVE-2022-39815
- RESERVED
-CVE-2022-39814
- RESERVED
+CVE-2022-39817 (In NOKIA 1350 OMS R14.2, multiple SQL Injection
vulnerabilities occur ...)
+ TODO: check
+CVE-2022-39816 (In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials
(clearte ...)
+ TODO: check
+CVE-2022-39815 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection
vulnerabilities ...)
+ TODO: check
+CVE-2022-39814 (In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs
is the ...)
+ TODO: check
CVE-2022-39813
RESERVED
CVE-2022-39812
@@ -4349,14 +4429,14 @@ CVE-2022-3000
RESERVED
CVE-2022-38772 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP,
Network Co ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2022-38771
- RESERVED
-CVE-2022-38770
- RESERVED
-CVE-2022-38769
- RESERVED
-CVE-2022-38768
- RESERVED
+CVE-2022-38771 (The mobile application in Transtek Mojodat FAM (Fixed Asset
Management ...)
+ TODO: check
+CVE-2022-38770 (The mobile application in Transtek Mojodat FAM (Fixed Asset
Management ...)
+ TODO: check
+CVE-2022-38769 (The mobile application in Transtek Mojodat FAM (Fixed Asset
Management ...)
+ TODO: check
+CVE-2022-38768 (The mobile application in Transtek Mojodat FAM (Fixed Asset
Management ...)
+ TODO: check
CVE-2022-38767
RESERVED
CVE-2022-38766
@@ -4609,8 +4689,7 @@ CVE-2022-2964 (A flaw was found in the Linux
kernel’s driver for the ASIX
NOTE:
https://git.kernel.org/linus/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581 (5.17-rc4)
CVE-2022-2963
RESERVED
-CVE-2022-2962
- RESERVED
+CVE-2022-2962 (A DMA reentrancy issue was found in the Tulip device emulation
in QEMU ...)
- qemu 1:7.1+dfsg-2 (bug #1018055)
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
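Review bot: in the CVE-2022-2962 hunk the three lines after the new description, `- qemu 1:7.1+dfsg-2 (bug #1018055)`, `[bullseye] - qemu <no-dsa> (Minor issue)` and `[buster] - qemu <no-dsa> (Minor issue)`, are unchanged context rather than removals, as the header's 8-to-7 line count confirms; the entry was triaged while still RESERVED and the automatic update only fills in the description. Nothing to change in the hunk itself, but the no-dsa "Minor issue" rationale for bullseye and buster should be re-read against the now-visible description (a DMA reentrancy issue in the Tulip device emulation) to confirm it still holds.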
@@ -4831,16 +4910,16 @@ CVE-2022-38639 (A cross-site scripting (XSS)
vulnerability in Markdown-Nice v1.8
NOT-FOR-US: Markdown-Nice
CVE-2022-38638 (Casdoor v1.97.3 was discovered to contain an arbitrary file
write vuln ...)
NOT-FOR-US: Casdoor
-CVE-2022-38637
- RESERVED
+CVE-2022-38637 (Hospital Management System v1.0 was discovered to contain
multiple SQL ...)
+ TODO: check
CVE-2022-38636
RESERVED
CVE-2022-38635
RESERVED
CVE-2022-38634
RESERVED
-CVE-2022-38633
- RESERVED
+CVE-2022-38633 (Genymotion Desktop v3.2.1 was discovered to contain a DLL
hijacking vu ...)
+ TODO: check
CVE-2022-38632
RESERVED
CVE-2022-38631
@@ -5121,12 +5200,12 @@ CVE-2022-38499
RESERVED
CVE-2022-38498
RESERVED
-CVE-2022-38497
- RESERVED
-CVE-2022-38496
- RESERVED
-CVE-2022-38495
- RESERVED
+CVE-2022-38497 (LIEF commit 365a16a was discovered to contain a segmentation
violation ...)
+ TODO: check
+CVE-2022-38496 (LIEF commit 365a16a was discovered to contain a reachable
assertion ab ...)
+ TODO: check
+CVE-2022-38495 (LIEF commit 365a16a was discovered to contain a heap-buffer
overflow v ...)
+ TODO: check
CVE-2022-38078 (Movable Type XMLRPC API provided by Six Apart Ltd. contains a
command ...)
- movabletype-opensource <removed>
CVE-2022-2925 (Cross-site Scripting (XSS) - Stored in GitHub repository
appwrite/appw ...)
@@ -5805,8 +5884,8 @@ CVE-2022-38344
RESERVED
CVE-2022-38343
RESERVED
-CVE-2022-38342
- RESERVED
+CVE-2022-38342 (Safe Software FME Server v2022.0.1.1 and below was discovered
to conta ...)
+ TODO: check
CVE-2022-38341
RESERVED
CVE-2022-38340
@@ -5831,8 +5910,8 @@ CVE-2022-38331
RESERVED
CVE-2022-38330
RESERVED
-CVE-2022-38329
- RESERVED
+CVE-2022-38329 (An issue was discovered in Shopxian CMS 3.0.0. There is a CSRF
vulnera ...)
+ TODO: check
CVE-2022-38328
RESERVED
CVE-2022-38327
@@ -5875,10 +5954,10 @@ CVE-2022-38309 (Tenda AC18 router v15.03.05.19 and
v15.03.05.05 was discovered t
NOT-FOR-US: Tenda
CVE-2022-38308
RESERVED
-CVE-2022-38307
- RESERVED
-CVE-2022-38306
- RESERVED
+CVE-2022-38307 (LIEF commit 5d1d643 was discovered to contain a segmentation
violation ...)
+ TODO: check
+CVE-2022-38306 (LIEF commit 5d1d643 was discovered to contain a heap-buffer
overflow i ...)
+ TODO: check
CVE-2022-36403 (Untrusted search path vulnerability in the installer of Device
Softwar ...)
NOT-FOR-US: Ricoh
CVE-2022-2825
@@ -5899,8 +5978,8 @@ CVE-2022-2819 (Heap-based Buffer Overflow in GitHub
repository vim/vim prior to
NOTE:
https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889
(v9.0.0211)
CVE-2022-2818 (Authentication Bypass by Primary Weakness in GitHub repository
cockpit ...)
NOT-FOR-US: Cockpit-HQ/Cockpit
-CVE-2022-38305
- RESERVED
+CVE-2022-38305 (AeroCMS v0.0.1 was discovered to contain an arbitrary file
upload vuln ...)
+ TODO: check
CVE-2022-38304 (Online Leave Management System v1.0 was discovered to contain
a SQL in ...)
NOT-FOR-US: Online Leave Management System
CVE-2022-38303 (Online Leave Management System v1.0 was discovered to contain
a SQL in ...)
@@ -7382,8 +7461,8 @@ CVE-2022-37705
RESERVED
CVE-2022-37704
RESERVED
-CVE-2022-37703
- RESERVED
+CVE-2022-37703 (In Amanda 3.5.1, an information leak vulnerability was found
in the ca ...)
+ TODO: check
CVE-2022-37702
RESERVED
CVE-2022-37701
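Review bot: the CVE-2022-37703 entry in this hunk (Amanda 3.5.1 information leak) must not be cleared as NOT-FOR-US by default: amanda is a Debian source package, so the check has to cover the packaged version and record either a fixed-version line or a per-suite `<not-affected>` / `<no-dsa>` decision.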
@@ -8754,10 +8833,10 @@ CVE-2022-37193
RESERVED
CVE-2022-37192
RESERVED
-CVE-2022-37191
- RESERVED
-CVE-2022-37190
- RESERVED
+CVE-2022-37191 (The component "cuppa/api/index.php" of CuppaCMS v1.0 is
Vulnerable to ...)
+ TODO: check
+CVE-2022-37190 (CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An
authenti ...)
+ TODO: check
CVE-2022-37189 (DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity
(XXE), l ...)
NOT-FOR-US: DDMAL MEI2Volpiano
CVE-2022-37188
@@ -8860,14 +8939,14 @@ CVE-2022-37142
RESERVED
CVE-2022-37141
RESERVED
-CVE-2022-37140
- RESERVED
-CVE-2022-37139
- RESERVED
-CVE-2022-37138
- RESERVED
-CVE-2022-37137
- RESERVED
+CVE-2022-37140 (PayMoney 3.3 is vulnerable to Client Side Remote Code
Execution (RCE). ...)
+ TODO: check
+CVE-2022-37139 (Loan Management System version 1.0 suffers from a persistent
cross sit ...)
+ TODO: check
+CVE-2022-37138 (Loan Management System 1.0 is vulnerable to SQL Injection at
the login ...)
+ TODO: check
+CVE-2022-37137 (PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting
(XSS) during ...)
+ TODO: check
CVE-2022-37136
RESERVED
CVE-2022-37135
@@ -9804,8 +9883,8 @@ CVE-2022-36770
RESERVED
CVE-2022-36769
RESERVED
-CVE-2022-36768
- RESERVED
+CVE-2022-36768 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a
non-privileged local ...)
+ TODO: check
CVE-2022-2546
RESERVED
CVE-2022-2545
@@ -10025,12 +10104,12 @@ CVE-2022-36671 (Novel-Plus v3.6.2 was discovered to
contain an arbitrary file do
NOT-FOR-US: Novel-Plus
CVE-2022-36670 (PCProtect Endpoint prior to v5.17.470 for Microsoft Windows
lacks tamp ...)
NOT-FOR-US: PCProtect Endpoint
-CVE-2022-36669
- RESERVED
-CVE-2022-36668
- RESERVED
-CVE-2022-36667
- RESERVED
+CVE-2022-36669 (Hospital Information System version 1.0 suffers from a remote
SQL inje ...)
+ TODO: check
+CVE-2022-36668 (Garage Management System 1.0 is vulnerable to Stored Cross
Site Script ...)
+ TODO: check
+CVE-2022-36667 (Garage Management System 1.0 is vulnerable to the Remote Code
Executio ...)
+ TODO: check
CVE-2022-36666
RESERVED
CVE-2022-36665
@@ -10518,8 +10597,8 @@ CVE-2022-36438
RESERVED
CVE-2022-36437
RESERVED
-CVE-2022-36436
- RESERVED
+CVE-2022-36436 (OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by
an vncap ...)
+ TODO: check
CVE-2022-36435
RESERVED
CVE-2022-36434
@@ -12670,8 +12749,8 @@ CVE-2022-35639 (IBM Sterling Partner Engagement Manager
6.1, 6.2, and Cloud 22.2
NOT-FOR-US: IBM
CVE-2022-35638
RESERVED
-CVE-2022-35637
- RESERVED
+CVE-2022-35637 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and
11.5 is ...)
+ TODO: check
CVE-2022-35636
RESERVED
CVE-2022-35635
@@ -12826,8 +12905,8 @@ CVE-2022-35583 (wkhtmlTOpdf 0.12.6 is vulnerable to
SSRF which allows an attacke
NOTE: By design, wkhtmltopdf retrieves external resources. If it is
employed inside
NOTE: a protected network in an automated way, a malicious actor may
access internal
NOTE: resources. A user of wkhtmltopdf should restrict such access.
-CVE-2022-35582
- RESERVED
+CVE-2022-35582 (Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.*
are vulner ...)
+ TODO: check
CVE-2022-35581
RESERVED
CVE-2022-35580
@@ -13292,8 +13371,8 @@ CVE-2022-2362 (The Download Manager WordPress plugin
before 3.2.50 prioritizes g
NOT-FOR-US: WordPress plugin
CVE-2022-2361 (The WP Social Chat WordPress plugin before 6.0.5 does not
sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-35413
- RESERVED
+CVE-2022-35413 (WAPPLES through 6.0 has a hardcoded systemi account accessible
via db/ ...)
+ TODO: check
CVE-2022-35412 (Digital Guardian Agent 7.7.4.0042 allows an administrator (who
ordinar ...)
NOT-FOR-US: Digital Guardian Agent
CVE-2022-2360
@@ -14834,8 +14913,8 @@ CVE-2022-34833
RESERVED
CVE-2022-34832
RESERVED
-CVE-2022-34831
- RESERVED
+CVE-2022-34831 (An issue was discovered in Keyfactor PrimeKey EJBCA before
7.9.0, rela ...)
+ TODO: check
CVE-2022-34830
RESERVED
CVE-2022-34829 (Zoho ManageEngine ADSelfService Plus before 6203 allows a
denial of se ...)
@@ -16163,8 +16242,8 @@ CVE-2022-34358 (IBM i 7.2, 7.3, 7.4, and 7.5 is
vulnerable to cross-site scripti
NOT-FOR-US: IBM
CVE-2022-34357
RESERVED
-CVE-2022-34356
- RESERVED
+CVE-2022-34356 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a
non-privileged local ...)
+ TODO: check
CVE-2022-34355
RESERVED
CVE-2022-34354
@@ -16217,8 +16296,8 @@ CVE-2022-34338 (IBM Robotic Process Automation 21.0.0,
21.0.1, and 21.0.2 could
NOT-FOR-US: IBM
CVE-2022-34337
RESERVED
-CVE-2022-34336
- RESERVED
+CVE-2022-34336 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is
vulnerable ...)
+ TODO: check
CVE-2022-34335
RESERVED
CVE-2022-34334
@@ -16875,10 +16954,10 @@ CVE-2022-34104
RESERVED
CVE-2022-34103
RESERVED
-CVE-2022-34102
- RESERVED
-CVE-2022-34101
- RESERVED
+CVE-2022-34102 (Insufficient access control vulnerability was discovered in
the Crestr ...)
+ TODO: check
+CVE-2022-34101 (A vulnerability was discovered in the Crestron AirMedia
Windows Applic ...)
+ TODO: check
CVE-2022-34100 (A vulnerability was discovered in the Crestron AirMedia
Windows Applic ...)
TODO: check
CVE-2022-34099
@@ -20538,8 +20617,8 @@ CVE-2022-32557 (An issue was discovered in Couchbase
Server before 7.0.4. The In
NOT-FOR-US: Couchbase Server
CVE-2022-32556 (An issue was discovered in Couchbase Server before 7.0.4. A
private ke ...)
NOT-FOR-US: Couchbase Server
-CVE-2022-32555
- RESERVED
+CVE-2022-32555 (Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x
before 7 ...)
+ TODO: check
CVE-2022-32554 (Pure Storage FlashArray products running Purity//FA 6.2.0 -
6.2.3, 6.1 ...)
NOT-FOR-US: Pure Storage FlashArray
CVE-2022-32553 (Pure Storage FlashArray products running Purity//FA 6.2.0 -
6.2.3, 6.1 ...)
@@ -21528,8 +21607,8 @@ CVE-2022-32246 (SAP Busines Objects Business
Intelligence Platform (Visual Diffe
NOT-FOR-US: SAP
CVE-2022-32245 (SAP BusinessObjects Business Intelligence Platform (Open
Document) - v ...)
NOT-FOR-US: SAP
-CVE-2022-32244
- RESERVED
+CVE-2022-32244 (Under certain conditions an attacker authenticated as a CMS
administra ...)
+ TODO: check
CVE-2022-32243 (When a user opens manipulated Scalable Vector Graphics (.svg,
svg.x3d) ...)
NOT-FOR-US: SAP
CVE-2022-32242 (When a user opens manipulated Radiance Picture (.hdr, hdr.x3d)
files r ...)
@@ -22548,8 +22627,8 @@ CVE-2022-31863
RESERVED
CVE-2022-31862
RESERVED
-CVE-2022-31861
- RESERVED
+CVE-2022-31861 (Cross site Scripting (XSS) in ThingsBoard IoT Platform through
3.3.4.1 ...)
+ TODO: check
CVE-2022-31860 (An issue was discovered in OpenRemote through 1.0.4 allows
attackers t ...)
NOT-FOR-US: OpenRemote
CVE-2022-31859
@@ -24274,12 +24353,12 @@ CVE-2022-31326
RESERVED
CVE-2022-31325 (There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via
the 'Per ...)
NOT-FOR-US: ChurchCRM
-CVE-2022-31324
- RESERVED
+CVE-2022-31324 (An arbitrary file download vulnerability in the
downloadAction() funct ...)
+ TODO: check
CVE-2022-31323
RESERVED
-CVE-2022-31322
- RESERVED
+CVE-2022-31322 (Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows
attacke ...)
+ TODO: check
CVE-2022-31321 (The foldername parameter in Bolt 5.1.7 was discovered to have
incorrec ...)
NOT-FOR-US: Bolt CMS
CVE-2022-31320
@@ -52096,8 +52175,8 @@ CVE-2022-22485 (In some cases, an unsuccessful attempt
to log into IBM Spectrum
NOT-FOR-US: IBM
CVE-2022-22484 (IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could
allow a ...)
NOT-FOR-US: IBM
-CVE-2022-22483
- RESERVED
+CVE-2022-22483 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and
11.5 is ...)
+ TODO: check
CVE-2022-22482 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through
6.0.3.5 a ...)
NOT-FOR-US: IBM
CVE-2022-22481 (IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could
allow a ...)
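Review bot: the new CVE-2022-22483 entry (IBM Db2 for Linux, UNIX and Windows) sits between entries already marked NOT-FOR-US: IBM and will almost certainly take the same marker, but the same product text also appears under CVE-2022-35637 earlier in this diff, so the two TODOs should be resolved together with the same marker to keep the file consistent.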
@@ -52402,10 +52481,10 @@ CVE-2022-22332 (IBM Sterling Partner Engagement
Manager 6.2.0 could allow an att
NOT-FOR-US: IBM
CVE-2022-22331 (IBM SterlingPartner Engagement Manager 6.2.0 could allow a
remote auth ...)
NOT-FOR-US: IBM
-CVE-2022-22330
- RESERVED
-CVE-2022-22329
- RESERVED
+CVE-2022-22330 (IBM Control Desk 7.6.1 could allow a remote attacker to obtain
sensiti ...)
+ TODO: check
+CVE-2022-22329 (IBM Control Desk 7.6.1 does not set the secure attribute on
authorizat ...)
+ TODO: check
CVE-2022-22328 (IBM SterlingPartner Engagement Manager 6.2.0 could allow a
malicious u ...)
NOT-FOR-US: IBM
CVE-2022-22327 (IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses
weaker ...)
@@ -53610,6 +53689,7 @@ CVE-2021-45846 (A flaw in the AMF parser of Slic3r
libslic3r 1.3.0 allows an att
NOTE: https://github.com/slic3r/Slic3r/issues/5117
NOTE: Crash in GUI tool, no security impact
CVE-2021-45845 (The Path Sanity Check script of FreeCAD 0.19 is vulnerable to
OS comma ...)
+ {DSA-5229-1}
- freecad 0.19.4+dfsg1-1
[buster] - freecad <not-affected> (Vulnerable code introduced in 0.19)
[stretch] - freecad <not-affected> (Vulnerable code introduced in 0.19)
@@ -53619,7 +53699,7 @@ CVE-2021-45845 (The Path Sanity Check script of FreeCAD
0.19 is vulnerable to OS
NOTE: Fixed by:
https://github.com/FreeCAD/FreeCAD/commit/a73f442f88725e08f36a3614e690bdef24c3dee3
(0.19.4)
NOTE: https://tracker.freecad.org/view.php?id=4810
CVE-2021-45844 (Improper sanitization in the invocation of ODA File Converter
from Fre ...)
- {DLA-3076-1 DLA-2934-1}
+ {DSA-5229-1 DLA-3076-1 DLA-2934-1}
- freecad 0.19.4+dfsg1-1 (bug #1005747)
NOTE: Fixed by;
https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6
(master)
NOTE: Fxied by:
https://github.com/FreeCAD/FreeCAD/commit/ad6977f940d3e64d78a4367452d9a338ad43fa1c
(0.19.4)
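Review bot: the context lines at the end of this hunk carry two typos in the NOTE fields of CVE-2021-45844, `NOTE: Fixed by;` and `NOTE: Fxied by:`, which a follow-up (non-automatic) commit should correct to `NOTE: Fixed by:`; the added DSA-5229-1 reference itself matches the one added to CVE-2021-45845 in the previous hunk and is consistent with the existing DLA-3076-1 and DLA-2934-1 references.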
@@ -66684,37 +66764,36 @@ CVE-2022-20401 (In SAEMM_RetrievEPLMNList of
SAEMM_ContextManagement.c, there is
NOT-FOR-US: Android
CVE-2022-20400 (In cd_CodeMsg of cd_codec.c, there is a possible out of bounds
write d ...)
NOT-FOR-US: Android
-CVE-2022-20399
- RESERVED
+CVE-2022-20399 (In the SEPolicy configuration of system apps, there is a
possible acce ...)
NOT-FOR-US: Android
-CVE-2022-20398
- RESERVED
+CVE-2022-20398 (In addOrUpdateNetwork of WifiServiceImpl.java, there is a
possible way ...)
+ TODO: check
CVE-2022-20397
RESERVED
-CVE-2022-20396
- RESERVED
-CVE-2022-20395
- RESERVED
+CVE-2022-20396 (In SettingsActivity.java, there is a possible way to make a
device dis ...)
+ TODO: check
+CVE-2022-20395 (In checkAccess of MediaProvider.java, there is a possible file
deletio ...)
+ TODO: check
CVE-2022-20394
RESERVED
-CVE-2022-20393
- RESERVED
-CVE-2022-20392
- RESERVED
-CVE-2022-20391
- RESERVED
-CVE-2022-20390
- RESERVED
-CVE-2022-20389
- RESERVED
-CVE-2022-20388
- RESERVED
-CVE-2022-20387
- RESERVED
-CVE-2022-20386
- RESERVED
-CVE-2022-20385
- RESERVED
+CVE-2022-20393 (In extract3GPPGlobalDescriptions of TextDescriptions.cpp,
there is a p ...)
+ TODO: check
+CVE-2022-20392 (In declareDuplicatePermission of ParsedPermissionUtils.java,
there is ...)
+ TODO: check
+CVE-2022-20391 (Summary:Product: AndroidVersions: Android SoCAndroid ID:
A-238257000 ...)
+ TODO: check
+CVE-2022-20390 (Summary:Product: AndroidVersions: Android SoCAndroid ID:
A-238257002 ...)
+ TODO: check
+CVE-2022-20389 (Summary:Product: AndroidVersions: Android SoCAndroid ID:
A-238257004 ...)
+ TODO: check
+CVE-2022-20388 (Summary:Product: AndroidVersions: Android SoCAndroid ID:
A-238227323 ...)
+ TODO: check
+CVE-2022-20387 (Summary:Product: AndroidVersions: Android SoCAndroid ID:
A-238227324 ...)
+ TODO: check
+CVE-2022-20386 (Summary:Product: AndroidVersions: Android SoCAndroid ID:
A-238227328 ...)
+ TODO: check
+CVE-2022-20385 (a function called 'nla_parse', do not check the len of para,
it will c ...)
+ TODO: check
CVE-2022-20384 (Product: AndroidVersions: Android kernelAndroid ID:
A-211727306Referen ...)
NOT-FOR-US: Android
CVE-2022-20383 (In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there
is a pos ...)
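Review bot: the CVE-2022-20385 entry near the end of this hunk ("a function called 'nla_parse', do not check the len of para") names nla_parse, the Linux kernel's netlink attribute parser, so unlike its neighbours this TODO should be triaged against the linux source package to rule out an in-tree driver before it is marked NOT-FOR-US: Android. Note also that CVE-2022-20399 keeps its pre-existing NOT-FOR-US: Android context line while CVE-2022-20398 through CVE-2022-20386 get TODO: check; the framework entries (SEPolicy, WifiServiceImpl.java, SettingsActivity.java, MediaProvider.java, TextDescriptions.cpp, ParsedPermissionUtils.java) and the six "Summary:Product: AndroidVersions: Android SoC" entries will most likely resolve to the same marker.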
@@ -82631,8 +82710,8 @@ CVE-2021-36570
RESERVED
CVE-2021-36569
RESERVED
-CVE-2021-36568
- RESERVED
+CVE-2021-36568 (In certain Moodle products after creating a course, it is
possible to ...)
+ TODO: check
CVE-2021-36567 (ThinkPHP v6.0.8 was discovered to contain a deserialization
vulnerabil ...)
NOT-FOR-US: ThinkPHP
CVE-2021-36566
@@ -133455,10 +133534,10 @@ CVE-2021-0945
RESERVED
CVE-2021-0944
RESERVED
-CVE-2021-0943
- RESERVED
-CVE-2021-0942
- RESERVED
+CVE-2021-0943 (In MMU_MapPages of TBD, there is a possible out of bounds write
due to ...)
+ TODO: check
+CVE-2021-0942 (The path in this case is a little bit convoluted. The end
result is th ...)
+ TODO: check
CVE-2021-0941 (In bpf_skb_change_head of filter.c, there is a possible out of
bounds ...)
- linux 5.10.28-1
[buster] - linux 4.19.194-1
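Review bot: the CVE-2021-0943 entry in this hunk gives "MMU_MapPages of TBD" as its location, meaning the upstream bulletin supplies no file name, and the CVE-2021-0942 description ("The path in this case is a little bit convoluted") is narrative rather than a component name, so neither can be triaged from the truncated text alone; both need the full description pulled before the TODO is cleared, in contrast to the neighbouring CVE-2021-0941 (bpf_skb_change_head of filter.c), which already records linux 5.10.28-1 and 4.19.194-1 for buster.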
@@ -133628,8 +133707,8 @@ CVE-2021-0873
RESERVED
CVE-2021-0872
RESERVED
-CVE-2021-0871
- RESERVED
+CVE-2021-0871 (In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel
driver, a mi ...)
+ TODO: check
CVE-2021-0870 (In RW_SetActivatedTagType of rw_main.cc, there is possible
memory corr ...)
NOT-FOR-US: Android
CVE-2021-0869 (In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a
possible out ...)
@@ -133979,8 +134058,8 @@ CVE-2021-0699
RESERVED
CVE-2021-0698 (In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of
kernel ...)
NOT-FOR-US: Android
-CVE-2021-0697
- RESERVED
+CVE-2021-0697 (In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a
possible use ...)
+ TODO: check
CVE-2021-0696
RESERVED
CVE-2021-0695 (In get_sock_stat of xt_qtaguid.c, there is a possible out of
bounds re ...)
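Review bot: the CVE-2021-0697 entry (PVRSRVRGXSubmitTransferKM of rgxtransfer.c) belongs to the same PowerVR GPU driver as the adjacent CVE-2021-0698 (PVRSRVBridgeHeapCfgHeapDetails), which this hunk's context already marks NOT-FOR-US: Android; the same applies to CVE-2021-0871 (PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver) a few hunks earlier, so the three TODOs should be resolved together after confirming that the PowerVR driver is not part of Debian's linux source package.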
@@ -155573,10 +155652,10 @@ CVE-2020-19589
RESERVED
CVE-2020-19588
RESERVED
-CVE-2020-19587
- RESERVED
-CVE-2020-19586
- RESERVED
+CVE-2020-19587 (Cross Site Scripting (XSS) vulnerability in configMap
parameters in Ye ...)
+ TODO: check
+CVE-2020-19586 (Incorrect Access Control issue in Yellowfin Business
Intelligence 7.3 ...)
+ TODO: check
CVE-2020-19585
RESERVED
CVE-2020-19584
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78a370a2ccab5f4643748de6f865a831328a7947
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits