From 432d53fc22c468376809179c08ce83543b892316 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Sun, 3 Jul 2022 20:10:21 +0000 Subject: automatic update --- data/CVE/list | 92 +++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 52 insertions(+), 40 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 9293f2a11f..236b5da7d4 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,9 @@ +CVE-2022-2293 + RESERVED +CVE-2022-2292 + RESERVED +CVE-2022-2291 + RESERVED CVE-2022-34915 RESERVED CVE-2022-34914 @@ -10,10 +16,10 @@ CVE-2022-34911 (An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1 TODO: check CVE-2022-2290 (Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/tril ...) TODO: check -CVE-2022-2289 - RESERVED -CVE-2022-2288 - RESERVED +CVE-2022-2289 (Use After Free in GitHub repository vim/vim prior to 9.0. ...) + TODO: check +CVE-2022-2288 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. ...) + TODO: check CVE-2022-34910 RESERVED CVE-2022-34909 @@ -86,7 +92,8 @@ CVE-2022-2284 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to NOTE: Crash in CLI tool, no security impact CVE-2022-2283 RESERVED -CVE-2022-2282 (Improper Authorization in GitHub repository saltstack/salt prior to 30 ...) +CVE-2022-2282 + REJECTED - salt NOTE: https://huntr.dev/bounties/144659fe-49e1-4c47-923f-fe870b2ec4bd/ NOTE: https://github.com/saltstack/salt/commit/d9343cca650d7197d3f6e107ffd506d25a8748ab @@ -142,6 +149,7 @@ CVE-2022-34877 CVE-2022-34876 RESERVED CVE-2022-34903 (GnuPG through 2.3.6, in unusual situations where an attacker possesses ...) + {DSA-5174-1} - gnupg2 2.2.35-3 (bug #1014157) NOTE: https://dev.gnupg.org/T6027 NOTE: https://www.openwall.com/lists/oss-security/2022/06/30/1 @@ -2103,7 +2111,7 @@ CVE-2022-2154 RESERVED CVE-2022-2153 RESERVED - {DLA-3065-1} + {DSA-5173-1 DLA-3065-1} - linux 5.17.3-1 [bullseye] - linux 5.10.113-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069736 @@ -2559,7 +2567,7 @@ CVE-2022-29895 CVE-2022-29871 RESERVED CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable ...) - {DLA-3065-1} + {DSA-5173-1 DLA-3065-1} - linux 5.17.6-1 [bullseye] - linux 5.10.113-1 NOTE: https://www.openwall.com/lists/oss-security/2022/04/28/1 @@ -6694,7 +6702,7 @@ CVE-2019-25063 (A vulnerability was found in Sricam IP CCTV Camera. It has been CVE-2019-25062 (A vulnerability was found in Sricam IP CCTV Camera and classified as c ...) NOT-FOR-US: Sricam IP CCTV Camera CVE-2022-32296 (The Linux kernel before 5.17.9 allows TCP servers to identify clients ...) - {DLA-3065-1} + {DSA-5173-1 DLA-3065-1} - linux 5.17.11-1 NOTE: https://git.kernel.org/linus/4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5 (5.18-rc6) CVE-2022-32287 @@ -6784,7 +6792,7 @@ CVE-2022-32252 (A vulnerability has been identified in SINEMA Remote Connect Ser CVE-2022-32251 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) NOT-FOR-US: Siemens CVE-2022-32250 (net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allow ...) - {DSA-5161-1 DLA-3065-1} + {DSA-5173-1 DSA-5161-1 DLA-3065-1} - linux 5.18.2-1 NOTE: https://www.openwall.com/lists/oss-security/2022/05/31/1 NOTE: https://git.kernel.org/linus/520778042ccca019f3ffa136dd0ca565c486cedd @@ -6940,13 +6948,13 @@ CVE-2022-1976 NOTE: https://www.openwall.com/lists/oss-security/2022/06/14/2 CVE-2022-1975 [NFC: netlink: fix sleep in atomic bug when firmware download timeout] RESERVED - {DSA-5161-1 DLA-3065-1} + {DSA-5173-1 DSA-5161-1 DLA-3065-1} - linux 5.17.11-1 NOTE: https://www.openwall.com/lists/oss-security/2022/06/05/2 NOTE: https://git.kernel.org/linus/4071bf121d59944d5cd2238de0642f3d7995a997 (5.18-rc6) CVE-2022-1974 RESERVED - {DSA-5161-1 DLA-3065-1} + {DSA-5173-1 DSA-5161-1 DLA-3065-1} - linux 5.17.11-1 NOTE: https://www.openwall.com/lists/oss-security/2022/06/05/1 NOTE: https://git.kernel.org/linus/da5c0f119203ad9728920456a0f52a6d850c01cd (5.18-rc6) @@ -10617,7 +10625,7 @@ CVE-2022-1735 (Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2 NOTE: https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97 (v8.2.4969) NOTE: Crash in CLI tool, no security impact CVE-2022-1734 (A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in driver ...) - {DLA-3065-1} + {DSA-5173-1 DLA-3065-1} - linux 5.17.11-1 (unimportant) [bullseye] - linux 5.10.120-1 NOTE: https://git.kernel.org/linus/d270453a0d9ec10bb8a802a142fb1b3601a83098 (5.18-rc6) @@ -10635,7 +10643,7 @@ CVE-2022-1730 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/d NOT-FOR-US: jgraph/drawio CVE-2022-1729 [perf: Fix sys_perf_event_open() race against self] RESERVED - {DSA-5161-1 DLA-3065-1} + {DSA-5173-1 DSA-5161-1 DLA-3065-1} - linux 5.17.11-1 NOTE: https://www.openwall.com/lists/oss-security/2022/05/20/2 NOTE: https://git.kernel.org/linus/3ac6487e584a1eb54071dbe1212e05b884136704 @@ -11556,7 +11564,7 @@ CVE-2022-1678 (An issue was discovered in the Linux Kernel from 4.18 to 4.19, an NOTE: https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing@gmail.com/ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0a70f118475e037732557796accd0878a00fc25a CVE-2022-30594 (The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTR ...) - {DLA-3065-1} + {DSA-5173-1 DLA-3065-1} - linux 5.17.3-1 [bullseye] - linux 5.10.113-1 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2276 @@ -11704,6 +11712,7 @@ CVE-2022-1654 (Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 a CVE-2022-1653 (The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 do ...) NOT-FOR-US: WordPress plugin CVE-2022-1652 (Linux Kernel could allow a local attacker to execute arbitrary code on ...) + {DSA-5173-1} - linux 5.17.11-1 [bullseye] - linux 5.10.120-1 NOTE: https://www.openwall.com/lists/oss-security/2022/05/10/1 @@ -13602,7 +13611,7 @@ CVE-2022-1518 (LRM contains a directory traversal vulnerability that can allow a CVE-2022-1517 (LRM utilizes elevated privileges. An unauthenticated malicious actor c ...) NOT-FOR-US: LRM CVE-2022-1516 (A NULL pointer dereference flaw was found in the Linux kernel’s ...) - {DSA-5127-1 DLA-3065-1} + {DSA-5173-1 DSA-5127-1 DLA-3065-1} - linux 5.17.3-1 (unimportant) NOTE: Fixed by: https://git.kernel.org/linus/7781607938c8371d4c2b243527430241c62e39c2 (5.18-rc1) NOTE: CONFIG_X25 is not set in Debian @@ -14518,6 +14527,7 @@ CVE-2022-29583 (service_windows.go in the kardianos service package for Go omits - golang-github-kardianos-service (Windows-specific issue) NOTE: https://github.com/kardianos/service/pull/290 CVE-2022-29581 (Improper Update of Reference Count vulnerability in net/sched of Linux ...) + {DSA-5173-1} - linux 5.17.6-1 [bullseye] - linux 5.10.113-1 [stretch] - linux (Vulnerable code not present) @@ -14712,6 +14722,7 @@ CVE-2022-29529 (An issue was discovered in MISP before 2.4.158. There is stored CVE-2022-29528 (An issue was discovered in MISP before 2.4.158. PHAR deserialization c ...) NOT-FOR-US: MISP CVE-2022-1419 (The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_ ...) + {DSA-5173-1} - linux 5.5.13-1 NOTE: https://www.openwall.com/lists/oss-security/2022/04/21/1 NOTE: Fixed by: https://git.kernel.org/linus/4b848f20eda5974020f043ca14bacf7a7e634fc8 (5.6-rc2) @@ -15451,7 +15462,7 @@ CVE-2022-1354 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/319 NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798 CVE-2022-1353 (A vulnerability was found in the pfkey_register function in net/key/af ...) - {DSA-5127-1 DLA-3065-1} + {DSA-5173-1 DSA-5127-1 DLA-3065-1} - linux 5.17.3-1 NOTE: https://git.kernel.org/linus/9a564bccb78a76740ea9d75a259942df8143d02c (5.17) CVE-2022-1352 (Due to an insecure direct object reference vulnerability in Gitlab EE/ ...) @@ -17833,16 +17844,16 @@ CVE-2022-28391 (BusyBox through 1.35.0 allows remote attackers to execute arbitr [stretch] - busybox (Minor issue) NOTE: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661 CVE-2022-28390 (ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kerne ...) - {DSA-5127-1 DLA-3065-1} + {DSA-5173-1 DSA-5127-1 DLA-3065-1} - linux 5.17.3-1 NOTE: https://git.kernel.org/linus/c70222752228a62135cee3409dccefd494a24646 (5.18-rc1) CVE-2022-28389 (mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux ker ...) - {DSA-5127-1} + {DSA-5173-1 DSA-5127-1} - linux 5.17.3-1 [stretch] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/04c9b00ba83594a29813d6b1fb8fdc93a3915174 (5.18-rc1) CVE-2022-28388 (usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux ker ...) - {DSA-5127-1} + {DSA-5173-1 DSA-5127-1} - linux 5.17.3-1 NOTE: https://git.kernel.org/linus/3d3925ff6433f98992685a9679613a2cc97f3ce2 (5.18-rc1) CVE-2022-28387 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...) @@ -17939,7 +17950,7 @@ CVE-2022-28358 CVE-2022-28357 RESERVED CVE-2022-28356 (In the Linux kernel before 5.17.1, a refcount leak bug was found in ne ...) - {DSA-5127-1 DLA-3065-1} + {DSA-5173-1 DSA-5127-1 DLA-3065-1} - linux 5.16.18-1 NOTE: https://git.kernel.org/linus/764f4eb6846f5475f1244767d24d25dd86528a4a NOTE: https://www.openwall.com/lists/oss-security/2022/04/06/1 @@ -18034,12 +18045,12 @@ CVE-2022-1206 RESERVED CVE-2022-1205 RESERVED - {DSA-5127-1} + {DSA-5173-1 DSA-5127-1} - linux 5.17.6-1 NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/4 CVE-2022-1204 RESERVED - {DSA-5127-1} + {DSA-5173-1 DSA-5127-1} - linux 5.17.3-1 NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/2 CVE-2022-1203 (The Content Mask WordPress plugin before 1.8.4.1 does not have authori ...) @@ -18207,13 +18218,13 @@ CVE-2022-28281 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28281 CVE-2022-1199 RESERVED - {DSA-5127-1 DLA-3065-1} + {DSA-5173-1 DSA-5127-1 DLA-3065-1} - linux 5.16.18-1 [buster] - linux 4.19.235-1 NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/5 CVE-2022-1198 RESERVED - {DSA-5127-1 DLA-3065-1} + {DSA-5173-1 DSA-5127-1 DLA-3065-1} - linux 5.16.18-1 NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/3 CVE-2022-1197 @@ -18229,7 +18240,7 @@ CVE-2022-1196 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-1196 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1196 CVE-2022-1195 (A use-after-free vulnerability was found in the Linux kernel in driver ...) - {DSA-5127-1} + {DSA-5173-1 DSA-5127-1} - linux 5.15.15-1 [buster] - linux 4.19.232-1 [stretch] - linux 4.9.303-1 @@ -18450,6 +18461,7 @@ CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in Gi - gitlab CVE-2022-1184 RESERVED + {DSA-5173-1} - linux 5.18.5-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070205 CVE-2022-1183 (On vulnerable configurations, the named daemon may, in some circumstan ...) @@ -20169,7 +20181,7 @@ CVE-2022-1057 CVE-2021-46739 RESERVED CVE-2022-27666 (A heap buffer overflow flaw was found in IPsec ESP transformation code ...) - {DSA-5127-1} + {DSA-5173-1 DSA-5127-1} - linux 5.16.18-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (5.17-rc8) @@ -20276,7 +20288,7 @@ CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The p NOTE: https://github.com/ClusterLabs/pcs/commit/fb860005117dc9e092649687dfa1304fb423efc5 NOTE: Introduced by https://github.com/ClusterLabs/pcs/commit/8378cf1a81efc0cd421483234943057e2be0a8ed (v0.10) CVE-2022-1048 (A use-after-free flaw was found in the Linux kernel’s sound subs ...) - {DSA-5127-1} + {DSA-5173-1 DSA-5127-1} - linux 5.16.18-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066706 NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/4 @@ -21332,7 +21344,7 @@ CVE-2022-1017 RESERVED CVE-2022-1016 RESERVED - {DSA-5127-1 DLA-3065-1} + {DSA-5173-1 DSA-5127-1 DLA-3065-1} - linux 5.16.18-1 NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/5 NOTE: Fixed by: https://git.kernel.org/linus/4c905f6740a365464e91467aa50916555b28213d @@ -21351,11 +21363,11 @@ CVE-2022-1013 (The Personal Dictionary WordPress plugin before 1.3.4 fails to pr NOT-FOR-US: WordPress plugin CVE-2022-1012 RESERVED - {DSA-5161-1 DLA-3065-1} + {DSA-5173-1 DSA-5161-1 DLA-3065-1} - linux 5.17.11-1 NOTE: https://git.kernel.org/linus/b2d057560b8107c633b39aabe517ff9d93f285e3 (5.18-rc6) CVE-2022-1011 (A use-after-free flaw was found in the Linux kernel’s FUSE files ...) - {DLA-3065-1} + {DSA-5173-1 DLA-3065-1} - linux 5.16.18-1 [bullseye] - linux 5.10.106-1 NOTE: https://git.kernel.org/linus/0c4bcfdecb1ac0967619ee7ff44871d93c08c909 (5.17-rc8) @@ -23421,7 +23433,7 @@ CVE-2022-26495 (In nbd-server in nbd before 3.24, there is an integer overflow w NOTE: https://lists.debian.org/nbd/2022/01/msg00037.html CVE-2022-26494 (An XSS was identified in the Admin Web interface of PrimeKey SignServe ...) NOT-FOR-US: PrimeKey SignServer -CVE-2022-26493 (Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Si ...) +CVE-2022-26493 (Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP ...) NOT-FOR-US: Drupal SAML provider CVE-2022-26492 RESERVED @@ -23450,7 +23462,7 @@ CVE-2020-36517 (An information leak in Nabu Casa Home Assistant Operating System CVE-2022-0868 (Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. ...) NOT-FOR-US: Node urijs CVE-2022-26490 (st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in t ...) - {DSA-5127-1 DLA-3065-1} + {DSA-5173-1 DSA-5127-1 DLA-3065-1} - linux 5.16.18-1 NOTE: https://git.kernel.org/linus/4fbcc1a4cb20fe26ad0225679c536c80f1648221 (5.17-rc1) CVE-2022-26486 @@ -23662,7 +23674,7 @@ CVE-2022-0856 (libcaca is affected by a Divide By Zero issue via img2txt, which CVE-2022-0855 (Improper Resolution of Path Equivalence in GitHub repository microwebe ...) NOT-FOR-US: microweber (whmcs_plugin) CVE-2022-0854 (A memory leak flaw was found in the Linux kernel’s DMA subsystem ...) - {DSA-5161-1 DLA-3065-1} + {DSA-5173-1 DSA-5161-1 DLA-3065-1} - linux 5.17.3-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058395 NOTE: https://git.kernel.org/linus/ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e (5.17-rc6) @@ -24400,7 +24412,7 @@ CVE-2022-26057 (Vulnerabilities in the Mint WorkBench allow a low privileged att NOT-FOR-US: Mind Workbench CVE-2022-0812 [NFS over RDMA random memory leakage] RESERVED - {DLA-3065-1} + {DSA-5173-1 DLA-3065-1} - linux 5.7.10-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058955 NOTE: https://git.kernel.org/linus/912288442cb2f431bf3c8cb097a5de83bc6dbac1 (5.8-rc6) @@ -29534,7 +29546,7 @@ CVE-2022-0496 CVE-2022-0495 RESERVED CVE-2022-0494 (A kernel information leak flaw was identified in the scsi_ioctl functi ...) - {DSA-5161-1 DLA-3065-1} + {DSA-5173-1 DSA-5161-1 DLA-3065-1} - linux 5.16.14-1 NOTE: https://git.kernel.org/linus/cc8f7fe1f5eab010191aa4570f27641876fa1267 (5.17-rc5) CVE-2022-0493 (The String locator WordPress plugin before 2.5.0 does not properly val ...) @@ -31281,7 +31293,7 @@ CVE-2022-23962 CVE-2022-23961 RESERVED CVE-2022-23960 (Certain Arm Cortex and Neoverse processors through 2022-03-08 do not p ...) - {DLA-3065-1} + {DSA-5173-1 DLA-3065-1} - linux 5.16.14-1 [bullseye] - linux 5.10.106-1 [buster] - linux 4.19.235-1 @@ -37675,7 +37687,7 @@ CVE-2021-45986 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to CVE-2021-45985 RESERVED CVE-2021-4197 (An unprivileged write to the file handler flaw in the Linux kernel's c ...) - {DSA-5127-1} + {DSA-5173-1 DSA-5127-1} - linux 5.15.15-1 NOTE: https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652 @@ -47049,7 +47061,7 @@ CVE-2022-21180 (Improper input validation for some Intel(R) Processors may allow NOT-FOR-US: Intel NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html CVE-2022-21166 (Incomplete cleanup in specific special register write operations for s ...) - {DLA-3065-1} + {DSA-5173-1 DLA-3065-1} - intel-microcode 3.20220510.1 - linux 5.18.5-1 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html @@ -47062,7 +47074,7 @@ CVE-2022-21127 (Incomplete cleanup in specific special register read operations NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SRBDS-Update NOTE: https://xenbits.xen.org/xsa/advisory-404.html CVE-2022-21125 (Incomplete cleanup of microarchitectural fill buffers on some Intel(R) ...) - {DLA-3065-1} + {DSA-5173-1 DLA-3065-1} - intel-microcode 3.20220510.1 - linux 5.18.5-1 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html @@ -47070,7 +47082,7 @@ CVE-2022-21125 (Incomplete cleanup of microarchitectural fill buffers on some In NOTE: Linux kernel documentation patch: https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6 NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-404.html CVE-2022-21123 (Incomplete cleanup of multi-core shared buffers for some Intel(R) Proc ...) - {DLA-3065-1} + {DSA-5173-1 DLA-3065-1} - intel-microcode 3.20220510.1 - linux 5.18.5-1 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html -- cgit v1.2.3