[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 1 08:10:27 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4b046102 by security tracker role at 2022-12-01T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2022-46361
+ RESERVED
+CVE-2022-43485
+ RESERVED
+CVE-2022-4245
+ RESERVED
+CVE-2022-4244
+ RESERVED
+CVE-2022-4243
+ RESERVED
+CVE-2022-4242
+ RESERVED
+CVE-2022-4241
+ RESERVED
+CVE-2022-4240
+ RESERVED
CVE-2022-46359
RESERVED
CVE-2022-46358
@@ -560,8 +576,8 @@ CVE-2022-46164
RESERVED
CVE-2022-46163
RESERVED
-CVE-2022-46162
- RESERVED
+CVE-2022-46162 (discourse-bbcode is the official BBCode plugin for Discourse. Prior to ...)
+ TODO: check
CVE-2022-46161
RESERVED
CVE-2022-46160
@@ -572,8 +588,8 @@ CVE-2022-46158
RESERVED
CVE-2022-46157
RESERVED
-CVE-2022-46156
- RESERVED
+CVE-2022-46156 (The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring appl ...)
+ TODO: check
CVE-2022-46155 (Airtable.js is the JavaScript client for Airtable. Prior to version 0. ...)
TODO: check
CVE-2022-46154
@@ -1813,8 +1829,8 @@ CVE-2022-45642
RESERVED
CVE-2022-45641
RESERVED
-CVE-2022-45640
- RESERVED
+CVE-2022-45640 (Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Cause ...)
+ TODO: check
CVE-2022-45639
RESERVED
CVE-2022-45638
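Review bot: the `TODO: check` added for CVE-2022-45640 needs manual triage, and the description already names the product (Tenda AC6V1.0 firmware V15.03.05.19). Another entry in this same file, CVE-2022-40851 (Tenda AC15), is marked `NOT-FOR-US: Tenda`, so this one can probably be resolved the same way rather than left as an open TODO.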
@@ -3824,8 +3840,8 @@ CVE-2022-3892
RESERVED
CVE-2022-3891
RESERVED
-CVE-2022-45045
- RESERVED
+CVE-2022-45045 (Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.1 ...)
+ TODO: check
CVE-2022-3890 (Heap buffer overflow in Crashpad in Google Chrome on Android prior to ...)
{DSA-5275-1}
- chromium 107.0.5304.110-1
@@ -6264,10 +6280,10 @@ CVE-2022-44535
RESERVED
CVE-2022-44534
RESERVED
-CVE-2022-44533
- RESERVED
-CVE-2022-44532
- RESERVED
+CVE-2022-44533 (A vulnerability in the Aruba EdgeConnect Enterprise web management int ...)
+ TODO: check
+CVE-2022-44532 (An authenticated path traversal vulnerability exists in the Aruba Edge ...)
+ TODO: check
CVE-2022-3785 (A vulnerability, which was classified as critical, has been found in A ...)
NOT-FOR-US: Bento4
CVE-2022-3784 (A vulnerability classified as critical was found in Axiomatic Bento4 5 ...)
@@ -6874,8 +6890,8 @@ CVE-2022-44264
RESERVED
CVE-2022-44263
RESERVED
-CVE-2022-44262
- RESERVED
+CVE-2022-44262 (ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). ...)
+ TODO: check
CVE-2022-44261
RESERVED
CVE-2022-44260 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
@@ -10351,10 +10367,10 @@ CVE-2022-43546 (A vulnerability has been identified in POWER METER SICAM Q100 (A
NOT-FOR-US: Siemens
CVE-2022-43545 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
NOT-FOR-US: Siemens
-CVE-2022-43542
- RESERVED
-CVE-2022-43541
- RESERVED
+CVE-2022-43542 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
+ TODO: check
+CVE-2022-43541 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
+ TODO: check
CVE-2022-43540
RESERVED
CVE-2022-43539
@@ -10399,8 +10415,8 @@ CVE-2022-43520
RESERVED
CVE-2022-43519
RESERVED
-CVE-2022-43518
- RESERVED
+CVE-2022-43518 (An authenticated path traversal vulnerability exists in the Aruba Edge ...)
+ TODO: check
CVE-2022-43517
RESERVED
CVE-2022-43516
@@ -13435,8 +13451,8 @@ CVE-2022-42448
RESERVED
CVE-2022-42447
RESERVED
-CVE-2022-42446
- RESERVED
+CVE-2022-42446 (Starting with Sametime 12, anonymous users are enabled by default. Aft ...)
+ TODO: check
CVE-2022-42445 (HCL Launch could allow a user with administrative privileges, includin ...)
NOT-FOR-US: HCL
CVE-2022-42444
@@ -14994,8 +15010,8 @@ CVE-2022-40965 (The affected product DIAEnergie (versions prior to v1.9.01.002)
NOT-FOR-US: DIAEnergie
CVE-2022-40703 (CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Ka ...)
NOT-FOR-US: AliveCor Kardia App
-CVE-2022-40204
- RESERVED
+CVE-2022-40204 (A cross-site scripting (XSS) vulnerability exists in all current versi ...)
+ TODO: check
CVE-2022-40202 (The database backup function in Delta Electronics InfraSuite Device Ma ...)
NOT-FOR-US: Delta Electronics
CVE-2022-40201
@@ -17345,8 +17361,8 @@ CVE-2022-40851 (Tenda AC15 V15.03.05.19 contained a stack overflow via the funct
NOT-FOR-US: Tenda
CVE-2022-40850
RESERVED
-CVE-2022-40849
- RESERVED
+CVE-2022-40849 (ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS ...)
+ TODO: check
CVE-2022-40848
RESERVED
CVE-2022-40847 (In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a ...)
@@ -18283,8 +18299,8 @@ CVE-2022-40491
RESERVED
CVE-2022-40490
RESERVED
-CVE-2022-40489
- RESERVED
+CVE-2022-40489 (ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CS ...)
+ TODO: check
CVE-2022-40488 (ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Fo ...)
NOT-FOR-US: ProcessWire
CVE-2022-40487 (ProcessWire v3.0.200 was discovered to contain multiple cross-site scr ...)
@@ -25184,22 +25200,22 @@ CVE-2022-37928 (Insufficient Verification of Data Authenticity vulnerability in
NOT-FOR-US: HPE
CVE-2022-37927 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in H ...)
NOT-FOR-US: HPE
-CVE-2022-37926
- RESERVED
-CVE-2022-37925
- RESERVED
-CVE-2022-37924
- RESERVED
-CVE-2022-37923
- RESERVED
-CVE-2022-37922
- RESERVED
-CVE-2022-37921
- RESERVED
-CVE-2022-37920
- RESERVED
-CVE-2022-37919
- RESERVED
+CVE-2022-37926 (A vulnerability within the web-based management interface of EdgeConne ...)
+ TODO: check
+CVE-2022-37925 (A vulnerability within the web-based management interface of Aruba Edg ...)
+ TODO: check
+CVE-2022-37924 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
+ TODO: check
+CVE-2022-37923 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
+ TODO: check
+CVE-2022-37922 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
+ TODO: check
+CVE-2022-37921 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
+ TODO: check
+CVE-2022-37920 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
+ TODO: check
+CVE-2022-37919 (A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An ...)
+ TODO: check
CVE-2022-37918
RESERVED
CVE-2022-37917
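Review bot: all eight entries that leave RESERVED in this hunk (CVE-2022-37919 through CVE-2022-37926) are given `TODO: check`, and their descriptions all refer to Aruba EdgeConnect Enterprise (web-based management interface, command line interface, API). Triage them as one batch together with the other EdgeConnect entries in this commit (CVE-2022-44533, CVE-2022-44532, CVE-2022-43542, CVE-2022-43541, CVE-2022-43518), so that the same decision and the same wording end up on all of them.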
@@ -28921,8 +28937,8 @@ CVE-2022-36433 (The blog-post creation functionality in the Amasty Blog Pro 2.10
TODO: check
CVE-2022-36432 (The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Mag ...)
NOT-FOR-US: Amasty Blog Pro plugin for Magento
-CVE-2022-36431
- RESERVED
+CVE-2022-36431 (An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise ...)
+ TODO: check
CVE-2022-36430
RESERVED
CVE-2022-2527 (An issue in Incident Timelines has been discovered in GitLab CE/EE aff ...)
@@ -96315,7 +96331,8 @@ CVE-2021-38578 (Existing CommBuffer checks in SmmEntryPoint will not catch under
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3387 (private)
NOTE: https://edk2.groups.io/g/devel/message/90516
-CVE-2021-38577 (Heap Overflow in BaseBmpSupportLib. ...)
+CVE-2021-38577
+ REJECTED
- edk2 <unfixed> (bug #1014468)
[bullseye] - edk2 <no-dsa> (Minor issue)
[buster] - edk2 <no-dsa> (Minor issue)
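Review bot: CVE-2021-38577 is switched to REJECTED, but the package annotations under it are left in place: `- edk2 <unfixed> (bug #1014468)` and the two `<no-dsa>` lines still track the ID as an open edk2 issue. This needs a manual follow-up: if the heap overflow in BaseBmpSupportLib is now covered by a different CVE ID, move the edk2 tracking and the bug reference there; otherwise drop or annotate the leftover lines so the tracker does not report an unfixed package against a rejected ID.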
@@ -183734,6 +183751,7 @@ CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core & C
CVE-2020-15504 (A SQL injection vulnerability in the user and admin web interfaces of ...)
NOT-FOR-US: Sophos
CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affect ...)
+ {DLA-3214-1}
[experimental] - libraw 0.20.0-1
- libraw 0.20.0-4 (bug #964747)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853477
@@ -227956,8 +227974,8 @@ CVE-2019-18267 (An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S
NOT-FOR-US: GE
CVE-2019-18266
RESERVED
-CVE-2019-18265
- RESERVED
+CVE-2019-18265 (Digital Alert Systems’ DASDEC software prior to version 4.1 cont ...)
+ TODO: check
CVE-2019-18264
RESERVED
CVE-2019-18263 (An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b0461025156e2baf3162e8c2678cb4c41a064ef