[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 8 20:10:38 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3ab149b4 by security tracker role at 2022-12-08T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,125 @@
+CVE-2022-46831 (In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS ...)
+ TODO: check
+CVE-2022-46830 (In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpo ...)
+ TODO: check
+CVE-2022-46829 (In JetBrains JetBrains Gateway before 2022.3 a client could connect wi ...)
+ TODO: check
+CVE-2022-46828 (In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS wa ...)
+ TODO: check
+CVE-2022-46827 (In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF ...)
+ TODO: check
+CVE-2022-46826 (In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allow ...)
+ TODO: check
+CVE-2022-46825 (In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leake ...)
+ TODO: check
+CVE-2022-46824 (In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fs ...)
+ TODO: check
+CVE-2022-46823
+ RESERVED
+CVE-2022-46822
+ RESERVED
+CVE-2022-46821
+ RESERVED
+CVE-2022-46820
+ RESERVED
+CVE-2022-46819
+ RESERVED
+CVE-2022-46818
+ RESERVED
+CVE-2022-46817
+ RESERVED
+CVE-2022-46816
+ RESERVED
+CVE-2022-46815
+ RESERVED
+CVE-2022-46814
+ RESERVED
+CVE-2022-46813
+ RESERVED
+CVE-2022-46812
+ RESERVED
+CVE-2022-46811
+ RESERVED
+CVE-2022-46810
+ RESERVED
+CVE-2022-46809
+ RESERVED
+CVE-2022-46808
+ RESERVED
+CVE-2022-46807
+ RESERVED
+CVE-2022-46806
+ RESERVED
+CVE-2022-46805
+ RESERVED
+CVE-2022-46804
+ RESERVED
+CVE-2022-46803
+ RESERVED
+CVE-2022-46802
+ RESERVED
+CVE-2022-46801
+ RESERVED
+CVE-2022-46800
+ RESERVED
+CVE-2022-46799
+ RESERVED
+CVE-2022-46798
+ RESERVED
+CVE-2022-46797
+ RESERVED
+CVE-2022-46796
+ RESERVED
+CVE-2022-46795
+ RESERVED
+CVE-2022-46794
+ RESERVED
+CVE-2022-46793
+ RESERVED
+CVE-2022-4366 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2022-4365
+ RESERVED
+CVE-2022-4364 (A vulnerability classified as critical has been found in Teledyne FLIR ...)
+ TODO: check
+CVE-2022-4363
+ RESERVED
+CVE-2022-4362
+ RESERVED
+CVE-2022-4361
+ RESERVED
+CVE-2022-4360
+ RESERVED
+CVE-2022-4359
+ RESERVED
+CVE-2022-4358
+ RESERVED
+CVE-2022-4357
+ RESERVED
+CVE-2022-4356
+ RESERVED
+CVE-2022-4355
+ RESERVED
+CVE-2022-4354 (A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as ...)
+ TODO: check
+CVE-2022-4353 (A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classifie ...)
+ TODO: check
+CVE-2022-4352
+ RESERVED
+CVE-2022-4351
+ RESERVED
+CVE-2022-4350 (A vulnerability, which was classified as problematic, was found in Min ...)
+ TODO: check
+CVE-2022-4349 (A vulnerability classified as problematic has been found in CTF-hacker ...)
+ TODO: check
+CVE-2022-4348 (A vulnerability was found in y_project RuoYi-Cloud. It has been rated ...)
+ TODO: check
+CVE-2022-4347 (A vulnerability was found in xiandafu beetl-bbs. It has been declared ...)
+ TODO: check
+CVE-2020-36610 (A vulnerability was found in annyshow DuxCMS 2.1. It has been declared ...)
+ TODO: check
+CVE-2020-36609 (A vulnerability was found in annyshow DuxCMS 2.1. It has been classifi ...)
+ TODO: check
CVE-2022-46792 (Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization ...)
TODO: check
CVE-2022-46791
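Review bot: The eight JetBrains entries at the top of this hunk (CVE-2022-46831 through CVE-2022-46824) all arrive as TODO: check and cover only three products: TeamCity, Gateway and IntelliJ IDEA. One vendor-level triage decision would settle them together rather than entry by entry. Note also that CVE-2020-36610 and CVE-2020-36609 sit between CVE-2022-4347 and CVE-2022-46792, so a scan of the new block by year prefix will miss them.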
@@ -1350,7 +1472,7 @@ CVE-2023-21525
RESERVED
CVE-2023-21524
RESERVED
-CVE-2022-4261 (Rapid7 Nexpose versions prior to 6.6.172 failed to reliably validate t ...)
+CVE-2022-4261 (Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to relia ...)
TODO: check
CVE-2022-4260
RESERVED
@@ -2666,22 +2788,22 @@ CVE-2022-45884 (An issue was discovered in the Linux kernel through 6.0.9. drive
NOTE: https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/
CVE-2022-45883
RESERVED
-CVE-2022-45877
- RESERVED
+CVE-2022-45877 (OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code i ...)
+ TODO: check
CVE-2022-45875
RESERVED
CVE-2022-45874
RESERVED
CVE-2022-45126
RESERVED
-CVE-2022-45118
- RESERVED
-CVE-2022-44455
- RESERVED
+CVE-2022-45118 (OpenHarmony-v3.1.2 and prior versions had a vulnerability that telepho ...)
+ TODO: check
+CVE-2022-44455 (The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prio ...)
+ TODO: check
CVE-2022-43662
RESERVED
-CVE-2022-41802
- RESERVED
+CVE-2022-41802 (Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kerne ...)
+ TODO: check
CVE-2022-4138
RESERVED
CVE-2022-4137
@@ -2890,13 +3012,11 @@ CVE-2022-45799
RESERVED
CVE-2022-45798
RESERVED
-CVE-2022-4123
- RESERVED
+CVE-2022-4123 (A flaw was found in Buildah. The local path and the lowest subdirector ...)
- golang-github-containers-buildah <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2144989
NOTE: Negligible security impact
-CVE-2022-4122
- RESERVED
+CVE-2022-4122 (A vulnerability was found in buildah. Incorrect following of symlinks ...)
- golang-github-containers-buildah <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2144983
NOTE: Negligible security impact
@@ -3490,64 +3610,64 @@ CVE-2022-45527
RESERVED
CVE-2022-45526
RESERVED
-CVE-2022-45525
- RESERVED
-CVE-2022-45524
- RESERVED
-CVE-2022-45523
- RESERVED
-CVE-2022-45522
- RESERVED
-CVE-2022-45521
- RESERVED
-CVE-2022-45520
- RESERVED
-CVE-2022-45519
- RESERVED
-CVE-2022-45518
- RESERVED
-CVE-2022-45517
- RESERVED
-CVE-2022-45516
- RESERVED
-CVE-2022-45515
- RESERVED
-CVE-2022-45514
- RESERVED
-CVE-2022-45513
- RESERVED
-CVE-2022-45512
- RESERVED
-CVE-2022-45511
- RESERVED
-CVE-2022-45510
- RESERVED
-CVE-2022-45509
- RESERVED
-CVE-2022-45508
- RESERVED
-CVE-2022-45507
- RESERVED
-CVE-2022-45506
- RESERVED
-CVE-2022-45505
- RESERVED
-CVE-2022-45504
- RESERVED
-CVE-2022-45503
- RESERVED
+CVE-2022-45525 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45524 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45523 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45522 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45521 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45520 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45519 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45518 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45517 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45516 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45515 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45514 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45513 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45512 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45511 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45510 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45509 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45508 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45507 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45506 (Tenda W30E v1.0.1.25(633) was discovered to contain a command injectio ...)
+ TODO: check
+CVE-2022-45505 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
+ TODO: check
+CVE-2022-45504 (An issue in the component tpi_systool_handle(0) (/goform/SysToolRestor ...)
+ TODO: check
+CVE-2022-45503 (Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow vi ...)
+ TODO: check
CVE-2022-45502
RESERVED
-CVE-2022-45501
- RESERVED
+CVE-2022-45501 (Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow vi ...)
+ TODO: check
CVE-2022-45500
RESERVED
-CVE-2022-45499
- RESERVED
-CVE-2022-45498
- RESERVED
-CVE-2022-45497
- RESERVED
+CVE-2022-45499 (Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow vi ...)
+ TODO: check
+CVE-2022-45498 (An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot ...)
+ TODO: check
+CVE-2022-45497 (Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection ...)
+ TODO: check
CVE-2022-45496
RESERVED
CVE-2022-45495
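Review bot: CVE-2022-45504 and CVE-2022-45498 are the two added entries whose truncated description does not name a product; it shows only the component tpi_systool_handle(0) and a /goform/ path. Every other entry added in this hunk is Tenda W30E or Tenda W6-S, so these two should be checked against the full CVE text and then resolved together with the rest of the block instead of being left as separate TODO: check items.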
@@ -5568,10 +5688,10 @@ CVE-2022-44934
RESERVED
CVE-2022-44933
RESERVED
-CVE-2022-44932
- RESERVED
-CVE-2022-44931
- RESERVED
+CVE-2022-44932 (An access control issue in Tenda A18 v15.13.07.09 allows unauthenticat ...)
+ TODO: check
+CVE-2022-44931 (Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via ...)
+ TODO: check
CVE-2022-44930 (D-Link DHP-W310AV 3.10EU was discovered to contain a command injection ...)
NOT-FOR-US: D-Link
CVE-2022-44929 (An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthent ...)
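Review bot: CVE-2022-44932 and CVE-2022-44931 (Tenda A18) are added as TODO: check directly above CVE-2022-44930, which is already resolved as NOT-FOR-US: D-Link. If the Tenda firmware is likewise not shipped in the archive, mark both NOT-FOR-US: Tenda so the two vendors' entries are treated the same way.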
@@ -16819,8 +16939,7 @@ CVE-2022-41719 (Unmarshal can panic on some inputs, possibly allowing for denial
TODO: check
CVE-2022-41718
RESERVED
-CVE-2022-41717 [go: net/http: limit canonical header cache by bytes, not entries]
- RESERVED
+CVE-2022-41717 (An attacker can cause excessive memory growth in a Go server accepting ...)
- golang-1.19 1.19.4-1
- golang-1.18 1.18.9-1
- golang-1.15 <removed>
@@ -18097,13 +18216,12 @@ CVE-2022-40224
RESERVED
CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version 6.7 has ...)
NOT-FOR-US: Measuresoft ScadaPro Server
-CVE-2022-3262
- RESERVED
+CVE-2022-3262 (A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst ...)
NOT-FOR-US: OpenShift
CVE-2022-3261
RESERVED
-CVE-2022-3260
- RESERVED
+CVE-2022-3260 (The response header has not enabled X-FRAME-OPTIONS, Which helps preve ...)
+ TODO: check
CVE-2022-3259
RESERVED
CVE-2022-3258 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
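Review bot: The truncated description added for CVE-2022-3260 ("The response header has not enabled X-FRAME-OPTIONS ...") names no product, so its TODO: check cannot be resolved from this line alone and needs the full CVE text before it can be mapped to a package or marked NOT-FOR-US.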
@@ -18829,8 +18947,8 @@ CVE-2022-40941
RESERVED
CVE-2022-40940
RESERVED
-CVE-2022-40939
- RESERVED
+CVE-2022-40939 (In certain Secustation products the administrator account password can ...)
+ TODO: check
CVE-2022-40938
RESERVED
CVE-2022-40937
@@ -21279,50 +21397,50 @@ CVE-2022-39917
RESERVED
CVE-2022-39916
RESERVED
-CVE-2022-39915
- RESERVED
-CVE-2022-39914
- RESERVED
-CVE-2022-39913
- RESERVED
-CVE-2022-39912
- RESERVED
-CVE-2022-39911
- RESERVED
-CVE-2022-39910
- RESERVED
-CVE-2022-39909
- RESERVED
-CVE-2022-39908
- RESERVED
-CVE-2022-39907
- RESERVED
-CVE-2022-39906
- RESERVED
-CVE-2022-39905
- RESERVED
-CVE-2022-39904
- RESERVED
-CVE-2022-39903
- RESERVED
-CVE-2022-39902
- RESERVED
-CVE-2022-39901
- RESERVED
-CVE-2022-39900
- RESERVED
-CVE-2022-39899
- RESERVED
-CVE-2022-39898
- RESERVED
-CVE-2022-39897
- RESERVED
-CVE-2022-39896
- RESERVED
-CVE-2022-39895
- RESERVED
-CVE-2022-39894
- RESERVED
+CVE-2022-39915 (Improper access control vulnerability in Calendar prior to versions 11 ...)
+ TODO: check
+CVE-2022-39914 (Exposure of Sensitive Information from an Unauthorized Actor vulnerabi ...)
+ TODO: check
+CVE-2022-39913 (Exposure of Sensitive Information to an Unauthorized Actor in Persona ...)
+ TODO: check
+CVE-2022-39912 (Improper handling of insufficient permissions vulnerability in setSecu ...)
+ TODO: check
+CVE-2022-39911 (Improper check or handling of exceptional conditions vulnerability in ...)
+ TODO: check
+CVE-2022-39910 (Improper access control vulnerability in Samsung Pass prior to version ...)
+ TODO: check
+CVE-2022-39909 (Insufficient verification of data authenticity vulnerability in Samsun ...)
+ TODO: check
+CVE-2022-39908 (TOCTOU vulnerability in Samsung decoding library for video thumbnails ...)
+ TODO: check
+CVE-2022-39907 (Integer overflow vulnerability in Samsung decoding library for video t ...)
+ TODO: check
+CVE-2022-39906 (Improper access control vulnerability in SecTelephonyProvider prior to ...)
+ TODO: check
+CVE-2022-39905 (Implicit intent hijacking vulnerability in Telecom application prior t ...)
+ TODO: check
+CVE-2022-39904 (Exposure of Sensitive Information vulnerability in Samsung Settings pr ...)
+ TODO: check
+CVE-2022-39903 (Improper access control vulnerability in RCS call prior to SMR Dec-202 ...)
+ TODO: check
+CVE-2022-39902 (Improper authorization in Exynos baseband prior to SMR DEC-2022 Releas ...)
+ TODO: check
+CVE-2022-39901 (Improper authentication in Exynos baseband prior to SMR DEC-2022 Relea ...)
+ TODO: check
+CVE-2022-39900 (Improper access control vulnerability in Nice Catch prior to SMR Dec-2 ...)
+ TODO: check
+CVE-2022-39899 (Improper authentication vulnerability in Samsung WindowManagerService ...)
+ TODO: check
+CVE-2022-39898 (Improper access control vulnerability in IIccPhoneBook prior to SMR De ...)
+ TODO: check
+CVE-2022-39897 (Exposure of Sensitive Information vulnerability in kernel prior to SMR ...)
+ TODO: check
+CVE-2022-39896 (Improper access control vulnerabilities in Contacts prior to SMR Dec-2 ...)
+ TODO: check
+CVE-2022-39895 (Improper access control vulnerability in ContactListUtils in Phone pri ...)
+ TODO: check
+CVE-2022-39894 (Improper access control vulnerability in ContactListStartActivityHelpe ...)
+ TODO: check
CVE-2022-39893 (Sensitive information exposure vulnerability in FmmBaseModel in Galaxy ...)
NOT-FOR-US: Samsung
CVE-2022-39892 (Improper access control in Samsung Pass prior to version 4.0.05.1 allo ...)
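Review bot: The 22 entries CVE-2022-39915 through CVE-2022-39894 are added as TODO: check, while CVE-2022-39893 immediately below them is already NOT-FOR-US: Samsung. Several of the new descriptions name Samsung components (Samsung Pass, Samsung Settings, Samsung WindowManagerService, Exynos baseband), so this looks like one vendor batch. Suggest marking them NOT-FOR-US: Samsung in one pass, after confirming the entries whose truncated text names only a component such as Calendar or Contacts.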
@@ -24283,8 +24401,8 @@ CVE-2022-38756
RESERVED
CVE-2022-38755 (A vulnerability has been identified in Micro Focus Filr in versions pr ...)
NOT-FOR-US: Micro Focus
-CVE-2022-38754
- RESERVED
+CVE-2022-38754 (A potential vulnerability has been identified in Micro Focus Operation ...)
+ TODO: check
CVE-2022-38753 (This update resolves a multi-factor authentication bypass attack ...)
TODO: check
CVE-2022-2999
@@ -24852,8 +24970,8 @@ CVE-2022-38600 (Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c
NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e (r38380)
NOTE: Followup: https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8 (r38392)
NOTE: Memory leak in CLI tool, no security impact
-CVE-2022-38599
- RESERVED
+CVE-2022-38599 (Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was disco ...)
+ TODO: check
CVE-2022-38598
RESERVED
CVE-2022-38597
@@ -25950,6 +26068,7 @@ CVE-2022-38268 (School Activity Updates with SMS Notification v1.0 was discovere
CVE-2022-38267 (School Activity Updates with SMS Notification v1.0 was discovered to c ...)
NOT-FOR-US: School Activity Updates with SMS Notification
CVE-2022-38266 (An issue in the Leptonica linked library (v1.79.0) allows attackers to ...)
+ {DLA-3233-1}
- leptonlib 1.82.0-1
[bullseye] - leptonlib <no-dsa> (Minor issue)
NOTE: https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614 (1.81.0)
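Review bot: With {DLA-3233-1} now cross-referenced on CVE-2022-38266, the unchanged line "[bullseye] - leptonlib <no-dsa> (Minor issue)" means an LTS advisory covers the issue while bullseye is still only tagged no-dsa. Worth checking whether bullseye should receive the same fix through a point release so the newer release is not left behind the older one.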
@@ -26885,12 +27004,12 @@ CVE-2022-37920 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line
NOT-FOR-US: Aruba
CVE-2022-37919 (A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An ...)
NOT-FOR-US: Aruba
-CVE-2022-37918
- RESERVED
-CVE-2022-37917
- RESERVED
-CVE-2022-37916
- RESERVED
+CVE-2022-37918 (Vulnerabilities in the AirWave Management Platform web-based managemen ...)
+ TODO: check
+CVE-2022-37917 (Vulnerabilities in the AirWave Management Platform web-based managemen ...)
+ TODO: check
+CVE-2022-37916 (Vulnerabilities in the AirWave Management Platform web-based managemen ...)
+ TODO: check
CVE-2022-37915 (A vulnerability in the web-based management interface of Aruba EdgeCon ...)
NOT-FOR-US: Aruba
CVE-2022-37914 (Vulnerabilities in the web-based management interface of Aruba EdgeCon ...)
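Review bot: CVE-2022-37918, CVE-2022-37917 and CVE-2022-37916 (AirWave Management Platform) are added as TODO: check inside a run of entries that are all NOT-FOR-US: Aruba (CVE-2022-37920, CVE-2022-37919, CVE-2022-37915). If AirWave is confirmed as the same vendor's product, give these three the same NOT-FOR-US: Aruba line.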
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ab149b4ede0c0b7961f0b6929ecce233e2b8a0b