[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 8 08:10:33 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d6f88f5 by security tracker role at 2022-12-08T08:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2022-46792 (Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization ...)
+	TODO: check
+CVE-2022-46791
+	RESERVED
+CVE-2022-46790
+	RESERVED
+CVE-2022-46789
+	RESERVED
+CVE-2022-46788
+	RESERVED
+CVE-2022-46787
+	RESERVED
+CVE-2022-46786
+	RESERVED
+CVE-2022-46785
+	RESERVED
+CVE-2022-46784
+	RESERVED
+CVE-2022-46783
+	RESERVED
+CVE-2022-46782
+	RESERVED
+CVE-2022-46781
+	RESERVED
+CVE-2022-46780
+	RESERVED
+CVE-2022-46779
+	RESERVED
+CVE-2022-46778
+	RESERVED
+CVE-2022-46777
+	RESERVED
+CVE-2022-46776
+	RESERVED
+CVE-2022-46775
+	RESERVED
+CVE-2022-46774
+	RESERVED
+CVE-2022-46773
+	RESERVED
+CVE-2022-46772
+	RESERVED
+CVE-2022-46771
+	RESERVED
+CVE-2022-46770 (qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through  ...)
+	TODO: check
+CVE-2022-46769
+	RESERVED
+CVE-2022-4346
+	RESERVED
+CVE-2022-4345
+	RESERVED
+CVE-2022-4344
+	RESERVED
+CVE-2022-4343
+	RESERVED
+CVE-2022-4342
+	RESERVED
+CVE-2022-4341 (A vulnerability has been found in csliuwy coder-chain_gdut and classif ...)
+	TODO: check
 CVE-2022-46768
 	RESERVED
 CVE-2022-46767
@@ -898,8 +958,8 @@ CVE-2022-4292 (Use After Free in GitHub repository vim/vim prior to 9.0.0882. ..
 	- vim <unfixed>
 	NOTE: https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b
 	NOTE: https://github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93 (v9.0.0882)
-CVE-2022-4291
-	RESERVED
+CVE-2022-4291 (The aswjsflt.dll library from Avast Antivirus windows contained a pote ...)
+	TODO: check
 CVE-2022-4290
 	RESERVED
 CVE-2022-4289
@@ -1288,8 +1348,8 @@ CVE-2023-21525
 	RESERVED
 CVE-2023-21524
 	RESERVED
-CVE-2022-4261
-	RESERVED
+CVE-2022-4261 (Rapid7 Nexpose versions prior to 6.6.172 failed to reliably validate t ...)
+	TODO: check
 CVE-2022-4260
 	RESERVED
 CVE-2022-4259
@@ -23035,8 +23095,8 @@ CVE-2022-39160
 	RESERVED
 CVE-2022-3093
 	RESERVED
-CVE-2022-3092
-	RESERVED
+CVE-2022-3092 (GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds ...)
+	TODO: check
 CVE-2022-3091
 	RESERVED
 CVE-2022-3090 (Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1  ...)
@@ -23047,12 +23107,12 @@ CVE-2022-3088 (UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System
 	NOT-FOR-US: Moxa
 CVE-2022-3087
 	RESERVED
-CVE-2022-3086 (An attacker with physical access to Moxa's bootloader versions of UC-8 ...)
+CVE-2022-3086 (Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerabl ...)
 	NOT-FOR-US: Moxa
 CVE-2022-3085
 	RESERVED
-CVE-2022-3084
-	RESERVED
+CVE-2022-3084 (GE CIMPICITY versions 2022 and prior is vulnerable when data from a fa ...)
+	TODO: check
 CVE-2022-3083
 	RESERVED
 CVE-2022-39189 (An issue was discovered the x86 KVM subsystem in the Linux kernel befo ...)
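Review bot: the triage line under CVE-2022-3086 no longer matches its description. The description changes from Moxa's bootloader to Cradlepoint IBR600 NCOS, but the unchanged context line below it still reads `NOT-FOR-US: Moxa`. Re-check the entry and make the vendor in the NOT-FOR-US line agree with the new description, or confirm that the description change is intended, since it replaces one vendor with another under the same CVE id.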
@@ -24561,16 +24621,16 @@ CVE-2022-2953 (LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
 	NOTE: Crash in CLI tool, no security impact
-CVE-2022-2952
-	RESERVED
+CVE-2022-2952 (GE CIMPICITY versions 2022 and prior is vulnerable when data from a fa ...)
+	TODO: check
 CVE-2022-2951
 	RESERVED
 CVE-2022-2950
 	RESERVED
 CVE-2022-2949
 	RESERVED
-CVE-2022-2948
-	RESERVED
+CVE-2022-2948 (GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buf ...)
+	TODO: check
 CVE-2022-2947
 	RESERVED
 CVE-2022-38666 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and e ...)
@@ -41236,8 +41296,8 @@ CVE-2022-2004 (AutomationDirect DirectLOGIC is vulnerable to a a specially craft
 	NOT-FOR-US: AutomationDirect
 CVE-2022-2003 (AutomationDirect DirectLOGIC is vulnerable to a specifically crafted s ...)
 	NOT-FOR-US: AutomationDirect
-CVE-2022-2002
-	RESERVED
+CVE-2022-2002 (GE CIMPICITY versions 2022 and prior is vulnerable when data from faul ...)
+	TODO: check
 CVE-2022-2001 (The DX Share Selection plugin for WordPress is vulnerable to Cross-Sit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-32498 (Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijackin ...)
@@ -68695,20 +68755,20 @@ CVE-2022-23494
 	RESERVED
 CVE-2022-23493
 	RESERVED
-CVE-2022-23492
-	RESERVED
-CVE-2022-23491
-	RESERVED
+CVE-2022-23492 (go-libp2p is the offical libp2p implementation in the Go programming l ...)
+	TODO: check
+CVE-2022-23491 (Certifi is a curated collection of Root Certificates for validating th ...)
+	TODO: check
 CVE-2022-23490
 	RESERVED
 CVE-2022-23489
 	RESERVED
 CVE-2022-23488
 	RESERVED
-CVE-2022-23487
-	RESERVED
-CVE-2022-23486
-	RESERVED
+CVE-2022-23487 (js-libp2p is the official javascript Implementation of libp2p networki ...)
+	TODO: check
+CVE-2022-23486 (libp2p-rust is the official rust language Implementation of the libp2p ...)
+	TODO: check
 CVE-2022-23485
 	RESERVED
 CVE-2022-23484
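Review bot: CVE-2022-23492, CVE-2022-23487 and CVE-2022-23486 in this hunk are described as the Go, JavaScript and Rust implementations of libp2p, yet each gets an independent `TODO: check`. Triage the three together so that their package lines and NOTEs stay consistent with each other, and handle CVE-2022-23491 (Certifi) on its own, since its description is unrelated to them.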
@@ -68727,8 +68787,8 @@ CVE-2022-23478
 	RESERVED
 CVE-2022-23477
 	RESERVED
-CVE-2022-23476
-	RESERVED
+CVE-2022-23476 (Nokogiri is an open source XML and HTML library for the Ruby programmi ...)
+	TODO: check
 CVE-2022-23475 (daloRADIUS is an open source RADIUS web management application. daloRa ...)
 	TODO: check
 CVE-2022-23474
@@ -68737,8 +68797,7 @@ CVE-2022-23473
 	RESERVED
 CVE-2022-23472 (Passeo is an open source python password generator. Versions prior to  ...)
 	TODO: check
-CVE-2022-23471 [CRI plugin: Fix goroutine leak during Exec]
-	RESERVED
+CVE-2022-23471 (containerd is an open source container runtime. A bug was found in con ...)
 	- containerd 1.6.12~ds1-1
 	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9
 	NOTE: https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0
@@ -110622,7 +110681,7 @@ CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plai
 	NOTE: CVE-2021-40528 and CVE-2021-33560.
 CVE-2021-33559
 	RESERVED
-CVE-2021-33558 (Boa 0.94.13 allows remote attackers to obtain sensitive information vi ...)
+CVE-2021-33558 (** DISPUTED ** Boa 0.94.13 allows remote attackers to obtain sensitive ...)
 	- boa <removed>
 CVE-2021-33557 (An XSS issue was discovered in manage_custom_field_edit_page.php in Ma ...)
 	- mantis <removed>
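Review bot: the description of CVE-2021-33558 now carries `** DISPUTED **`, but the entry still consists only of `- boa <removed>`, with no NOTE saying what is disputed. Consider adding a NOTE with the reason or a reference, in the way the CVE-2017-9833 entry documents that /wapopen is not part of BOA, so the status is understandable from the list itself.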
@@ -359603,7 +359662,7 @@ CVE-2017-9835 (The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghosts
 	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066 (ghostpdl-9.22rc1)
 CVE-2017-9834 (SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for W ...)
 	NOT-FOR-US: WatuPRO plugin for WordPress
-CVE-2017-9833 (/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of  ...)
+CVE-2017-9833 (** DISPUTED ** /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injectio ...)
 	NOT-FOR-US: Undetermined product
 	NOTE: /wapopen is not part of BOA, it's probably an insecure CGI
 	NOTE: script used in some embedded product relying on BOA as webserver.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d6f88f51f6f5d93ac224da24ee1461a61c55328
