[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 2 20:10:46 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
70c29c14 by security tracker role at 2022-12-02T20:10:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2022-46378
+ RESERVED
+CVE-2022-46377
+ RESERVED
+CVE-2022-46376
+ RESERVED
+CVE-2022-46375
+ RESERVED
+CVE-2022-46374
+ RESERVED
+CVE-2022-46373
+ RESERVED
+CVE-2022-46372
+ RESERVED
+CVE-2022-46371
+ RESERVED
+CVE-2022-46370
+ RESERVED
+CVE-2022-46369
+ RESERVED
+CVE-2022-46368
+ RESERVED
+CVE-2022-46367
+ RESERVED
+CVE-2022-46365
+ RESERVED
+CVE-2022-46364
+ RESERVED
+CVE-2022-46363
+ RESERVED
+CVE-2022-4271 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...)
+ TODO: check
+CVE-2022-4270 (Incorrect privilege assignment issue in M-Files Web in M-Files Web ver ...)
+ TODO: check
+CVE-2022-4269
+ RESERVED
+CVE-2022-4268
+ RESERVED
+CVE-2022-4267
+ RESERVED
+CVE-2022-4266
+ RESERVED
+CVE-2022-4265
+ RESERVED
+CVE-2022-4264
+ RESERVED
+CVE-2022-4263
+ RESERVED
CVE-2022-XXXX [node-d3-color redos]
- node-d3-color 1.2.8-5
[bullseye] - node-d3-color <no-dsa> (Minor issue)
@@ -238,7 +286,7 @@ CVE-2022-4247 (A vulnerability classified as critical was found in Movie Ticket
NOT-FOR-US: Movie Ticket Booking System
CVE-2022-4246 (A vulnerability classified as problematic has been found in Kakao PotP ...)
NOT-FOR-US: Kakao PotPlayer
-CVE-2022-46366
+CVE-2022-46366 (** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserializa ...)
NOT-FOR-US: Apache Tapestry
CVE-2022-46361
RESERVED
@@ -811,8 +859,8 @@ CVE-2022-46169
RESERVED
CVE-2022-46168
RESERVED
-CVE-2022-46167
- RESERVED
+CVE-2022-46167 (Capsule is a multi-tenancy and policy-based framework for Kubernetes. ...)
+ TODO: check
CVE-2022-46166
RESERVED
CVE-2022-46165
@@ -827,8 +875,8 @@ CVE-2022-46161
RESERVED
CVE-2022-46160
RESERVED
-CVE-2022-46159
- RESERVED
+CVE-2022-46159 (Discourse is an open-source discussion platform. In version 2.8.13 and ...)
+ TODO: check
CVE-2022-46158
RESERVED
CVE-2022-46157
@@ -863,8 +911,8 @@ CVE-2022-46146 (Prometheus Exporter Toolkit is a utility package to build export
NOTE: https://www.openwall.com/lists/oss-security/2022/11/29/1
NOTE: https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p
NOTE: https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5 (v0.8.2)
-CVE-2022-46145
- RESERVED
+CVE-2022-46145 (authentik is an open-source identity provider. Versions prior to 2022. ...)
+ TODO: check
CVE-2022-46144
RESERVED
CVE-2022-46143
@@ -2011,74 +2059,74 @@ CVE-2022-45676
RESERVED
CVE-2022-45675
RESERVED
-CVE-2022-45674
- RESERVED
-CVE-2022-45673
- RESERVED
-CVE-2022-45672
- RESERVED
-CVE-2022-45671
- RESERVED
-CVE-2022-45670
- RESERVED
-CVE-2022-45669
- RESERVED
-CVE-2022-45668
- RESERVED
-CVE-2022-45667
- RESERVED
+CVE-2022-45674 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery ...)
+ TODO: check
+CVE-2022-45673 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery ...)
+ TODO: check
+CVE-2022-45672 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
+ TODO: check
+CVE-2022-45671 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
+ TODO: check
+CVE-2022-45670 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
+ TODO: check
+CVE-2022-45669 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
+ TODO: check
+CVE-2022-45668 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery ( ...)
+ TODO: check
+CVE-2022-45667 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery ( ...)
+ TODO: check
CVE-2022-45666
RESERVED
CVE-2022-45665
RESERVED
-CVE-2022-45664
- RESERVED
-CVE-2022-45663
- RESERVED
+CVE-2022-45664 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
+ TODO: check
+CVE-2022-45663 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
+ TODO: check
CVE-2022-45662
RESERVED
-CVE-2022-45661
- RESERVED
-CVE-2022-45660
- RESERVED
-CVE-2022-45659
- RESERVED
-CVE-2022-45658
- RESERVED
-CVE-2022-45657
- RESERVED
-CVE-2022-45656
- RESERVED
-CVE-2022-45655
- RESERVED
-CVE-2022-45654
- RESERVED
-CVE-2022-45653
- RESERVED
-CVE-2022-45652
- RESERVED
-CVE-2022-45651
- RESERVED
-CVE-2022-45650
- RESERVED
-CVE-2022-45649
- RESERVED
-CVE-2022-45648
- RESERVED
-CVE-2022-45647
- RESERVED
-CVE-2022-45646
- RESERVED
-CVE-2022-45645
- RESERVED
-CVE-2022-45644
- RESERVED
-CVE-2022-45643
- RESERVED
+CVE-2022-45661 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45660 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45659 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45658 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45657 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45656 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45655 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45654 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45653 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45652 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45651 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45650 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45649 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45648 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45647 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45646 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45645 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45644 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2022-45643 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
+ TODO: check
CVE-2022-45642
RESERVED
-CVE-2022-45641
- RESERVED
+CVE-2022-45641 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSe ...)
+ TODO: check
CVE-2022-45640 (Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Cause ...)
NOT-FOR-US: Tenda
CVE-2022-45639
@@ -2491,14 +2539,14 @@ CVE-2022-4064 (A vulnerability was found in Dalli. It has been classified as pro
NOTE: https://github.com/petergoldstein/dalli/pull/933
NOTE: Introduced after: https://github.com/petergoldstein/dalli/commit/5588d98f79eb04a9abcaeeff3263e08f93468b30 (v3.2.0)
NOTE: Fixed by: https://github.com/petergoldstein/dalli/commit/48d594dae55934476fec61789e7a7c3700e0f50d (v3.2.3)
-CVE-2022-45483
- RESERVED
-CVE-2022-45482
- RESERVED
+CVE-2022-45483 (Lazy Mouse allows an attacker (in a man in the middle position between ...)
+ TODO: check
+CVE-2022-45482 (Lazy Mouse server enforces weak password requirements and doesn't impl ...)
+ TODO: check
CVE-2022-45481
RESERVED
-CVE-2022-45480
- RESERVED
+CVE-2022-45480 (PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-m ...)
+ TODO: check
CVE-2022-45479
RESERVED
CVE-2022-45478
@@ -3490,8 +3538,8 @@ CVE-2022-45217
RESERVED
CVE-2022-45216
RESERVED
-CVE-2022-45215
- RESERVED
+CVE-2022-45215 (A cross-site scripting (XSS) vulnerability in Book Store Management Sy ...)
+ TODO: check
CVE-2022-45214 (A cross-site scripting (XSS) vulnerability in Sanitization Management ...)
NOT-FOR-US: Sanitization Management System
CVE-2022-45213
@@ -6944,18 +6992,18 @@ CVE-2022-44369
RESERVED
CVE-2022-44368
RESERVED
-CVE-2022-44367
- RESERVED
-CVE-2022-44366
- RESERVED
-CVE-2022-44365
- RESERVED
+CVE-2022-44367 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)
+ TODO: check
+CVE-2022-44366 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)
+ TODO: check
+CVE-2022-44365 (Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /gofo ...)
+ TODO: check
CVE-2022-44364
RESERVED
-CVE-2022-44363
- RESERVED
-CVE-2022-44362
- RESERVED
+CVE-2022-44363 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)
+ TODO: check
+CVE-2022-44362 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)
+ TODO: check
CVE-2022-44361
RESERVED
CVE-2022-44360
@@ -6982,14 +7030,14 @@ CVE-2022-44350
RESERVED
CVE-2022-44349
RESERVED
-CVE-2022-44348
- RESERVED
-CVE-2022-44347
- RESERVED
+CVE-2022-44348 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-44347 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
CVE-2022-44346
RESERVED
-CVE-2022-44345
- RESERVED
+CVE-2022-44345 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
CVE-2022-44344
RESERVED
CVE-2022-44343
@@ -7124,8 +7172,8 @@ CVE-2022-44279 (Garage Management System v1.0 is vulnerable to Cross Site Script
NOT-FOR-US: Garage Management System
CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
NOT-FOR-US: Sanitization Management System
-CVE-2022-44277
- RESERVED
+CVE-2022-44277 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
CVE-2022-44276
RESERVED
CVE-2022-44275
@@ -11119,8 +11167,8 @@ CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All vers
NOT-FOR-US: Siemens
CVE-2022-43396
RESERVED
-CVE-2022-3591
- RESERVED
+CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789. ...)
+ TODO: check
CVE-2022-3590
RESERVED
CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all versions wa ...)
@@ -11438,8 +11486,8 @@ CVE-2022-43274
RESERVED
CVE-2022-43273
RESERVED
-CVE-2022-43272
- RESERVED
+CVE-2022-43272 (DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Ass ...)
+ TODO: check
CVE-2022-43271
RESERVED
CVE-2022-43270
@@ -12260,8 +12308,8 @@ CVE-2022-42964 (An exponential ReDoS (Regular Expression Denial of Service) can
- pymatgen <unfixed> (bug #1024017)
NOTE: https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/
NOTE: Doesn't seem to be reported upstream so far
-CVE-2022-3520
- RESERVED
+CVE-2022-3520 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
+ TODO: check
CVE-2022-3519 (A vulnerability classified as problematic was found in SourceCodester ...)
NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-3518 (A vulnerability classified as problematic has been found in SourceCode ...)
@@ -16012,7 +16060,7 @@ CVE-2022-38099 (Improper input validation in BIOS firmware for some Intel(R) NUC
NOT-FOR-US: Intel
CVE-2022-3328
RESERVED
- {DSA-5292-1}
+ {DSA-5292-1 DLA-3215-1}
- snapd 2.57.6-1
NOTE: https://github.com/snapcore/snapd/commit/6226cdc57052f4b7057d92f2e549aa169e35cd2d (2.57.6)
NOTE: https://github.com/snapcore/snapd/commit/21ebc51f00b8a1417888faa2e83a372fd29d0f5e (2.57.6)
@@ -24940,10 +24988,10 @@ CVE-2022-38177 (By spoofing the target resolver with responses that have a malfo
NOTE: https://kb.isc.org/docs/cve-2022-38177
NOTE: Fixed by (while refactoring): https://gitlab.isc.org/isc-projects/bind9/-/commit/d4eb6e0a57a7eeb42328ff66865fa66688603c17 (v9_17_20)
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/5b2282afff760b1ed3471f6666bdfe8e1d34e590 (v9_16_33)
-CVE-2022-2808
- RESERVED
-CVE-2022-2807
- RESERVED
+CVE-2022-2808 (Algan Yazılım Prens Student Information System product has a ...)
+ TODO: check
+CVE-2022-2807 (Algan Yazılım Prens Student Information System product has a ...)
+ TODO: check
CVE-2022-2806 (It was found that the ovirt-log-collector/sosreport collects the RHV a ...)
NOT-FOR-US: ovirt-log-collector
CVE-2022-2805 (A flaw was found in ovirt-engine, which leads to the logging of plaint ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70c29c1457b3adc33424a3a19c7b646992dcdd2e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70c29c1457b3adc33424a3a19c7b646992dcdd2e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221202/1197a2cb/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list