[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 7 20:10:32 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
56af3fe8 by security tracker role at 2022-12-07T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2022-46768
+ RESERVED
+CVE-2022-46767
+ RESERVED
+CVE-2022-46766
+ RESERVED
+CVE-2022-46765
+ RESERVED
+CVE-2022-46764
+ RESERVED
+CVE-2022-46763
+ RESERVED
+CVE-2022-46762
+ RESERVED
+CVE-2022-46761
+ RESERVED
+CVE-2022-46760
+ RESERVED
+CVE-2022-46759
+ RESERVED
+CVE-2022-46758
+ RESERVED
+CVE-2022-46757
+ RESERVED
+CVE-2022-46756
+ RESERVED
+CVE-2022-46755
+ RESERVED
+CVE-2022-46754
+ RESERVED
+CVE-2022-46753
+ RESERVED
+CVE-2022-46752
+ RESERVED
+CVE-2022-46751
+ RESERVED
+CVE-2022-4340
+ RESERVED
+CVE-2022-4339
+ RESERVED
+CVE-2022-4338
+ RESERVED
+CVE-2022-4337
+ RESERVED
+CVE-2022-4336
+ RESERVED
+CVE-2022-4335
+ RESERVED
+CVE-2022-4334
+ RESERVED
+CVE-2022-4333
+ RESERVED
+CVE-2022-4332
+ RESERVED
+CVE-2022-4331
+ RESERVED
+CVE-2022-4330
+ RESERVED
+CVE-2022-4329
+ RESERVED
+CVE-2022-4328
+ RESERVED
+CVE-2022-4327
+ RESERVED
+CVE-2022-4326
+ RESERVED
+CVE-2022-4325
+ RESERVED
+CVE-2022-4324
+ RESERVED
+CVE-2022-4323
+ RESERVED
+CVE-2018-25048
+ RESERVED
CVE-2023-21673
RESERVED
CVE-2023-21672
@@ -114,10 +188,10 @@ CVE-2022-46744
RESERVED
CVE-2022-46743
RESERVED
-CVE-2022-46742
- RESERVED
-CVE-2022-46741
- RESERVED
+CVE-2022-46742 (Code injection in paddle.audio.functional.get_window in PaddlePaddle 2 ...)
+ TODO: check
+CVE-2022-46741 (Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. ...)
+ TODO: check
CVE-2022-46740
RESERVED
CVE-2022-46728
@@ -200,26 +274,19 @@ CVE-2022-46690
RESERVED
CVE-2022-46689
RESERVED
-CVE-2022-46688
- RESERVED
+CVE-2022-46688 (A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Ger ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-46687
- RESERVED
+CVE-2022-46687 (Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build d ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-46686
- RESERVED
+CVE-2022-46686 (Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-46685
- RESERVED
+CVE-2022-46685 (In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-46684
- RESERVED
+CVE-2022-46684 (Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values r ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-46683
- RESERVED
+CVE-2022-46683 (Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperl ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-46682
- RESERVED
+CVE-2022-46682 (Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML pars ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-46681
RESERVED
@@ -2447,8 +2514,8 @@ CVE-2022-45911
CVE-2022-4145
RESERVED
NOT-FOR-US: OpenShift
-CVE-2022-45910
- RESERVED
+CVE-2022-45910 (Improper neutralization of special elements used in an LDAP query ('LD ...)
+ TODO: check
CVE-2022-45909 (drachtio-server 0.8.18 has a heap-based buffer over-read via a long Re ...)
NOT-FOR-US: drachtio-server
CVE-2022-45908 (In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vuln ...)
@@ -3309,8 +3376,8 @@ CVE-2022-45552
RESERVED
CVE-2022-45551
RESERVED
-CVE-2022-45550
- RESERVED
+CVE-2022-45550 (AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). ...)
+ TODO: check
CVE-2022-45549
RESERVED
CVE-2022-45548 (AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. ...)
@@ -4537,8 +4604,8 @@ CVE-2022-45219
RESERVED
CVE-2022-45218 (Human Resource Management System v1.0.0 was discovered to contain a cr ...)
NOT-FOR-US: Human Resource Management System
-CVE-2022-45217
- RESERVED
+CVE-2022-45217 (A cross-site scripting (XSS) vulnerability in Book Store Management Sy ...)
+ TODO: check
CVE-2022-45216
RESERVED
CVE-2022-45215 (A cross-site scripting (XSS) vulnerability in Book Store Management Sy ...)
@@ -7946,8 +8013,8 @@ CVE-2022-44395
RESERVED
CVE-2022-44394
RESERVED
-CVE-2022-44393
- RESERVED
+CVE-2022-44393 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
CVE-2022-44392
RESERVED
CVE-2022-44391
@@ -7986,12 +8053,12 @@ CVE-2022-44375
RESERVED
CVE-2022-44374
RESERVED
-CVE-2022-44373
- RESERVED
+CVE-2022-44373 (A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upg ...)
+ TODO: check
CVE-2022-44372
RESERVED
-CVE-2022-44371
- RESERVED
+CVE-2022-44371 (hope-boot 1.0.0 has a deserialization vulnerability that can cause Rem ...)
+ TODO: check
CVE-2022-44370
RESERVED
CVE-2022-44369
@@ -8010,8 +8077,8 @@ CVE-2022-44363 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /
NOT-FOR-US: Tenda
CVE-2022-44362 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)
NOT-FOR-US: Tenda
-CVE-2022-44361
- RESERVED
+CVE-2022-44361 (An issue was discovered in ZZCMS 2022. There is a cross-site scripting ...)
+ TODO: check
CVE-2022-44360
RESERVED
CVE-2022-44359
@@ -8030,8 +8097,8 @@ CVE-2022-44353
RESERVED
CVE-2022-44352
RESERVED
-CVE-2022-44351
- RESERVED
+CVE-2022-44351 (Skycaiji v2.5.1 was discovered to contain a deserialization vulnerabil ...)
+ TODO: check
CVE-2022-44350
RESERVED
CVE-2022-44349
@@ -11612,8 +11679,8 @@ CVE-2022-43583
RESERVED
CVE-2022-43582
RESERVED
-CVE-2022-43581
- RESERVED
+CVE-2022-43581 (IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, ...)
+ TODO: check
CVE-2022-43580
RESERVED
CVE-2022-43579
@@ -11923,8 +11990,8 @@ CVE-2022-3643 (Guests can trigger NIC interface reset/abort/crash via netback It
NOTE: https://git.kernel.org/linus/ad7f402ae4f466647c3a669b8a6f3e5d4271c84a
CVE-2022-3642
REJECTED
-CVE-2022-3641
- RESERVED
+CVE-2022-3641 (Elevation of privilege in the Azure SQL Data Source in Devolutions Rem ...)
+ TODO: check
CVE-2022-36401
RESERVED
CVE-2022-3640 (A vulnerability, which was classified as critical, was found in Linux ...)
@@ -14730,8 +14797,8 @@ CVE-2022-42467 (When running in prototype mode, the h2 webconsole module (access
NOT-FOR-US: Apache Isis
CVE-2022-42466 (Prior to 2.0.0-M9, it was possible for an end-user to set the value of ...)
NOT-FOR-US: Apache Isis
-CVE-2022-42458
- RESERVED
+CVE-2022-42458 (Authentication bypass using an alternate path or channel vulnerability ...)
+ TODO: check
CVE-2022-42001 (Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extensi ...)
NOT-FOR-US: Bluespice extension
CVE-2022-42000 (Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile ext ...)
@@ -16644,8 +16711,8 @@ CVE-2022-41737
RESERVED
CVE-2022-41736
RESERVED
-CVE-2022-41735
- RESERVED
+CVE-2022-41735 (IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through ...)
+ TODO: check
CVE-2022-41734
RESERVED
CVE-2022-41733
@@ -16674,8 +16741,8 @@ CVE-2022-41722
RESERVED
CVE-2022-41721
RESERVED
-CVE-2022-41720
- RESERVED
+CVE-2022-41720 (On Windows, restricted files can be accessed via os.DirFS and http.Dir ...)
+ TODO: check
CVE-2022-41719 (Unmarshal can panic on some inputs, possibly allowing for denial of se ...)
TODO: check
CVE-2022-41718
@@ -16946,8 +17013,8 @@ CVE-2022-41132 (Unauthenticated Plugin Settings Change Leading To Stored XSS Vul
NOT-FOR-US: WordPress plugin
CVE-2022-40975
RESERVED
-CVE-2022-40966
- RESERVED
+CVE-2022-40966 (Authentication bypass vulnerability in multiple Buffalo network device ...)
+ TODO: check
CVE-2022-40702
RESERVED
CVE-2022-40700
@@ -16974,8 +17041,8 @@ CVE-2022-40130 (Auth. (subscriber+) Race Condition vulnerability in WP-Polls plu
NOT-FOR-US: WordPress plugin
CVE-2022-40128 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Expo ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-39044
- RESERVED
+CVE-2022-39044 (Hidden functionality vulnerability in multiple Buffalo network devices ...)
+ TODO: check
CVE-2022-38467
RESERVED
CVE-2022-38456
@@ -16994,8 +17061,8 @@ CVE-2022-36399
RESERVED
CVE-2022-35730 (Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky head ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-34840
- RESERVED
+CVE-2022-34840 (Use of hard-coded credentials vulnerability in multiple Buffalo networ ...)
+ TODO: check
CVE-2022-3347
RESERVED
CVE-2022-3346
@@ -29095,8 +29162,8 @@ CVE-2020-36567
RESERVED
CVE-2020-36566
RESERVED
-CVE-2020-36565
- RESERVED
+CVE-2020-36565 (Due to improper sanitization of user input on Windows, the static file ...)
+ TODO: check
CVE-2020-36564
RESERVED
CVE-2020-36563
@@ -44734,6 +44801,7 @@ CVE-2022-31293
CVE-2022-31292
RESERVED
CVE-2022-31291 (An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows atta ...)
+ {DLA-3231-1}
- dlt-daemon 2.18.6-2.1 (bug #1014534)
[bullseye] - dlt-daemon 2.18.6-1+deb11u1
NOTE: https://github.com/COVESA/dlt-daemon/pull/376
@@ -45133,6 +45201,7 @@ CVE-2022-31162 (Slack Morphism is an async client library for Rust. Prior to 0.4
CVE-2022-31161 (Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived ...)
NOT-FOR-US: Roxy-WI
CVE-2022-31160 (jQuery UI is a curated set of user interface interactions, effects, wi ...)
+ {DLA-3230-1}
- jqueryui 1.13.2+dfsg-1 (bug #1015982)
[bullseye] - jqueryui <no-dsa> (Minor issue)
NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
@@ -71850,6 +71919,7 @@ CVE-2022-0137 (A heap buffer overflow in image_set_mask function of HTMLDOC befo
CVE-2022-0136 (A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 ...)
- gitlab <unfixed>
CVE-2022-0135 (An out-of-bounds write issue was found in the VirGL virtual OpenGL ren ...)
+ {DLA-3232-1}
- virglrenderer 0.10.0-1 (bug #1009073)
[bullseye] - virglrenderer <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037790
@@ -91503,6 +91573,7 @@ CVE-2021-41186 (Fluentd collects events from various data sources and writes the
CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An exploi ...)
NOT-FOR-US: Mycodo
CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+ {DLA-3230-1}
- jqueryui 1.13.0+dfsg-1
[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
[stretch] - jqueryui <no-dsa> (Minor issue)
@@ -91514,7 +91585,7 @@ CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior t
NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
NOTE: https://www.znuny.org/en/advisories/zsa-2022-01
CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
- {DLA-2889-1}
+ {DLA-3230-1 DLA-2889-1}
- drupal7 <removed>
- jqueryui 1.13.0+dfsg-1
[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
@@ -91529,7 +91600,7 @@ CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior t
NOTE: https://www.drupal.org/sa-core-2022-001
NOTE: https://www.znuny.org/en/advisories/zsa-2022-01
CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
- {DLA-2889-1}
+ {DLA-3230-1 DLA-2889-1}
- drupal7 <removed>
- jqueryui 1.13.0+dfsg-1
[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
@@ -127758,6 +127829,7 @@ CVE-2021-23217 (NVIDIA GPU and Tegra hardware contain a vulnerability in the int
CVE-2021-23201 (NVIDIA GPU and Tegra hardware contain a vulnerability in an internal m ...)
NOT-FOR-US: NVIDIA
CVE-2020-36244 (The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to ...)
+ {DLA-3231-1}
- dlt-daemon 2.18.6-1
NOTE: https://github.com/GENIVI/dlt-daemon/issues/265
NOTE: https://github.com/GENIVI/dlt-daemon/pull/269
@@ -143676,7 +143748,7 @@ CVE-2020-35590 (LimitLoginAttempts.php in the limit-login-attempts-reloaded plug
CVE-2020-35589 (The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress a ...)
NOT-FOR-US: limit-login-attempts-reloaded plugin for WordPress
CVE-2020-35588
- RESERVED
+ REJECTED
CVE-2020-35587 (** DISPUTED ** In Solstice Pod before 3.0.3, the firmware can easily b ...)
NOT-FOR-US: Solstice Pod
CVE-2020-35586 (In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password ...)
@@ -146336,7 +146408,8 @@ CVE-2020-35541
REJECTED
CVE-2020-35540
REJECTED
-CVE-2020-35539 (A flaw was found in Wordpress 5.1. "X-Forwarded-For" is a HTTP header ...)
+CVE-2020-35539
+ REJECTED
- wordpress <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2135587
NOTE: https://seclists.org/fulldisclosure/2021/Mar/24
@@ -150175,6 +150248,7 @@ CVE-2020-29396 (A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo
CVE-2020-29395 (The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS v ...)
NOT-FOR-US: EventON plugin for WordPress
CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in dlt_common.c from ...)
+ {DLA-3231-1}
- dlt-daemon 2.18.5-0.3 (bug #976228)
NOTE: https://github.com/GENIVI/dlt-daemon/issues/274
NOTE: https://github.com/GENIVI/dlt-daemon/pull/275
@@ -206723,9 +206797,11 @@ CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read f
NOTE: Fixed by: https://github.com/GNUAspell/aspell/commit/de29341638833ba7717bd6b5e6850998454b044b
NOTE: Recommended additionally: https://github.com/GNUAspell/aspell/commit/cefd447e5528b08bb0cd6656bc52b4255692cefc
CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in virglrenderer throu ...)
+ {DLA-3232-1}
- virglrenderer 0.8.2-1 (bug #949954)
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42
CVE-2020-8002 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...)
+ {DLA-3232-1}
- virglrenderer 0.8.2-1 (bug #949954)
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5
CVE-2020-8001 (The Intellian Aptus application 1.0.2 for Android has a hardcoded pass ...)
@@ -229392,19 +229468,23 @@ CVE-2019-18393 (PluginServlet.java in Ignite Realtime Openfire through 4.4.2 doe
CVE-2019-18392
REJECTED
CVE-2019-18391 (A heap-based buffer overflow in the vrend_renderer_transfer_write_iov ...)
+ {DLA-3232-1}
- virglrenderer 0.8.1-1 (bug #946942)
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971
CVE-2019-18390 (An out-of-bounds read in the vrend_blit_need_swizzle function in vrend ...)
+ {DLA-3232-1}
- virglrenderer 0.8.1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765584
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_151
CVE-2019-18389 (A heap-based buffer overflow in the vrend_renderer_transfer_write_iov ...)
+ {DLA-3232-1}
- virglrenderer 0.8.1-1 (bug #946942)
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921
CVE-2019-18388 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...)
+ {DLA-3232-1}
- virglrenderer 0.8.1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765578
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/0d9a2c88dc3a70023541b3260b9f00c982abda16
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56af3fe8f020da722733f59fde87ccdb74fc5d87
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56af3fe8f020da722733f59fde87ccdb74fc5d87
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221207/86f2f437/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list