[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 23 08:10:27 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d620fb9 by security tracker role at 2022-12-23T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2022-47934
+	RESERVED
+CVE-2022-47933
+	RESERVED
+CVE-2022-47932
+	RESERVED
+CVE-2022-47931 (IO FinNet tss-lib before 2.0.0 allows a collision of hash values. ...)
+	TODO: check
+CVE-2022-47930
+	RESERVED
+CVE-2022-47929
+	RESERVED
+CVE-2022-47928 (In MISP before 2.4.167, there is XSS in the template file uploads in a ...)
+	TODO: check
+CVE-2022-47927
+	RESERVED
+CVE-2022-47914
+	RESERVED
+CVE-2022-4680
+	RESERVED
+CVE-2022-4679
+	RESERVED
+CVE-2022-4678
+	RESERVED
+CVE-2022-4677
+	RESERVED
+CVE-2022-4676
+	RESERVED
+CVE-2022-4675
+	RESERVED
+CVE-2022-4674
+	RESERVED
+CVE-2022-46739
+	RESERVED
+CVE-2022-46735
+	RESERVED
+CVE-2022-46734
+	RESERVED
+CVE-2022-4673
+	RESERVED
+CVE-2022-4672
+	RESERVED
+CVE-2022-4671
+	RESERVED
+CVE-2022-4670
+	RESERVED
+CVE-2022-4669
+	RESERVED
+CVE-2022-4668
+	RESERVED
+CVE-2022-4667
+	RESERVED
+CVE-2022-4666
+	RESERVED
+CVE-2022-4665 (Unrestricted Upload of File with Dangerous Type in GitHub repository a ...)
+	TODO: check
+CVE-2022-4664
+	RESERVED
+CVE-2022-46419
+	RESERVED
+CVE-2022-45878
+	RESERVED
+CVE-2022-45120
+	RESERVED
+CVE-2022-43659
+	RESERVED
+CVE-2022-43444
+	RESERVED
+CVE-2022-42702
+	RESERVED
 CVE-2023-0025
 	RESERVED
 CVE-2023-0024
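Review bot: CVE-2022-47931, CVE-2022-47928 and CVE-2022-4665 are the only entries in this hunk that carry a description, and all three are left at `TODO: check`; each needs a triage line in the form the file already uses, either a package/version line or `NOT-FOR-US: <upstream>` as done for AyaCMS just below. The remaining entries are plain `RESERVED` placeholders and need nothing until a description lands.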
@@ -12,8 +82,7 @@ CVE-2022-47926 (AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admi
 	NOT-FOR-US: AyaCMS
 CVE-2022-4663
 	RESERVED
-CVE-2022-4662
-	RESERVED
+CVE-2022-4662 (A flaw incorrect access control in the Linux kernel USB core subsystem ...)
 	- linux 5.19.11-1
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux 4.19.260-1
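Review bot: no triage action is needed for CVE-2022-4662: the description only replaces the `RESERVED` placeholder, and the entry already carries fixed versions for sid, bullseye and buster. The one thing worth a second look is that those linux versions were recorded while the entry was still reserved, so confirm they were meant for this CVE now that its text is visible.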
@@ -5234,12 +5303,12 @@ CVE-2022-46495
 	RESERVED
 CVE-2022-46494
 	RESERVED
-CVE-2022-46493
-	RESERVED
-CVE-2022-46492
-	RESERVED
-CVE-2022-46491
-	RESERVED
+CVE-2022-46493 (Default version of nbnbk was discovered to contain an arbitrary file u ...)
+	TODO: check
+CVE-2022-46492 (nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered t ...)
+	TODO: check
+CVE-2022-46491 (A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administr ...)
+	TODO: check
 CVE-2022-46490
 	RESERVED
 CVE-2022-46489
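Review bot: CVE-2022-46493, CVE-2022-46492 and CVE-2022-46491 appear to describe the same upstream project (nbnbk is named in the first two descriptions), so they should be triaged together and receive one shared resolution line rather than three separate `TODO: check` markers. The third description ("Add Administr ...") does not name the product in the visible text, so confirm it belongs to the same batch before grouping it.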
@@ -7360,8 +7429,8 @@ CVE-2022-45800
 	RESERVED
 CVE-2022-45799
 	RESERVED
-CVE-2022-45798
-	RESERVED
+CVE-2022-45798 (A link following vulnerability in the Damage Cleanup Engine component  ...)
+	TODO: check
 CVE-2022-4123 (A flaw was found in Buildah. The local path and the lowest subdirector ...)
 	- golang-github-containers-buildah <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2144989
@@ -12090,8 +12159,8 @@ CVE-2022-3807 (A vulnerability was found in Axiomatic Bento4. It has been rated
 	NOT-FOR-US: Bento4
 CVE-2022-3806
 	RESERVED
-CVE-2022-3805
-	RESERVED
+CVE-2022-3805 (The Jeg Elementor Kit plugin for WordPress is vulnerable to authorizat ...)
+	TODO: check
 CVE-2022-3804 (A vulnerability was found in eolinker apinto-dashboard. It has been cl ...)
 	NOT-FOR-US: eolinker apinto-dashboard
 CVE-2022-3803 (A vulnerability was found in eolinker apinto-dashboard and classified  ...)
@@ -12112,8 +12181,8 @@ CVE-2022-3796
 	REJECTED
 CVE-2022-3795
 	RESERVED
-CVE-2022-3794
-	RESERVED
+CVE-2022-3794 (The Jeg Elementor Kit plugin for WordPress is vulnerable to authorizat ...)
+	TODO: check
 CVE-2022-3793 (An improper authorization issue in GitLab CE/EE affecting all versions ...)
 	- gitlab <unfixed>
 CVE-2022-3792
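Review bot: CVE-2022-3794 has the same truncated description as CVE-2022-3805 in the hunk above (Jeg Elementor Kit plugin for WordPress, authorization issue), so the two should be triaged together and get the same resolution line; leaving both at `TODO: check` independently risks resolving one and forgetting the other.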
@@ -15471,12 +15540,12 @@ CVE-2022-43861
 	RESERVED
 CVE-2022-43860
 	RESERVED
-CVE-2022-43859
-	RESERVED
-CVE-2022-43858
-	RESERVED
-CVE-2022-43857
-	RESERVED
+CVE-2022-43859 (IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated use ...)
+	TODO: check
+CVE-2022-43858 (IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated use ...)
+	TODO: check
+CVE-2022-43857 (IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user ...)
+	TODO: check
 CVE-2022-43856
 	RESERVED
 CVE-2022-43855
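Review bot: the three IBM Navigator for i entries (CVE-2022-43859, CVE-2022-43858, CVE-2022-43857) cover the same product and version set (7.3, 7.4, 7.5) and can be resolved in one go; elsewhere in this diff IBM products are recorded as `NOT-FOR-US: IBM` (see the IBM Security Verify and IBM InfoSphere entries further down), so that is the likely resolution unless the product has a Debian package.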
@@ -16176,30 +16245,30 @@ CVE-2022-43605
 	RESERVED
 CVE-2022-43604
 	RESERVED
-CVE-2022-43603
-	RESERVED
-CVE-2022-43602
-	RESERVED
-CVE-2022-43601
-	RESERVED
-CVE-2022-43600
-	RESERVED
-CVE-2022-43599
-	RESERVED
-CVE-2022-43598
-	RESERVED
-CVE-2022-43597
-	RESERVED
-CVE-2022-43596
-	RESERVED
-CVE-2022-43595
-	RESERVED
-CVE-2022-43594
-	RESERVED
-CVE-2022-43593
-	RESERVED
-CVE-2022-43592
-	RESERVED
+CVE-2022-43603 (A denial of service vulnerability exists in the ZfileOutput::close() f ...)
+	TODO: check
+CVE-2022-43602 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
+	TODO: check
+CVE-2022-43601 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
+	TODO: check
+CVE-2022-43600 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
+	TODO: check
+CVE-2022-43599 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
+	TODO: check
+CVE-2022-43598 (Multiple memory corruption vulnerabilities exist in the IFFOutput alig ...)
+	TODO: check
+CVE-2022-43597 (Multiple memory corruption vulnerabilities exist in the IFFOutput alig ...)
+	TODO: check
+CVE-2022-43596 (An information disclosure vulnerability exists in the IFFOutput channe ...)
+	TODO: check
+CVE-2022-43595 (Multiple denial of service vulnerabilities exist in the image output c ...)
+	TODO: check
+CVE-2022-43594 (Multiple denial of service vulnerabilities exist in the image output c ...)
+	TODO: check
+CVE-2022-43593 (A denial of service vulnerability exists in the DPXOutput::close() fun ...)
+	TODO: check
+CVE-2022-43592 (An information disclosure vulnerability exists in the DPXOutput::close ...)
+	TODO: check
 CVE-2022-43591
 	RESERVED
 CVE-2022-43590 (A null pointer dereference vulnerability exists in the handle_ioctl_0x ...)
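Review bot: the twelve entries from CVE-2022-43603 down to CVE-2022-43592 all reference the same family of image output classes (ZfileOutput, IFFOutput, DPXOutput) and read as a single upstream batch; the hunks further down in this diff that name OpenImageIO explicitly (CVE-2022-41988, CVE-2022-41977, CVE-2022-38143) use the same wording, so these should be triaged as one batch against the same source package instead of twelve independent `TODO: check` lines. Where the fixes ship in one upstream release, a single fixed version can be recorded for all of them.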
@@ -19328,16 +19397,16 @@ CVE-2022-42470
 	RESERVED
 CVE-2022-42469
 	RESERVED
-CVE-2022-41999
-	RESERVED
+CVE-2022-41999 (A denial of service vulnerability exists in the DDS native tile readin ...)
+	TODO: check
 CVE-2022-41991
 	RESERVED
-CVE-2022-41988
-	RESERVED
-CVE-2022-41838
-	RESERVED
-CVE-2022-41837
-	RESERVED
+CVE-2022-41988 (An information disclosure vulnerability exists in the OpenImageIO::dec ...)
+	TODO: check
+CVE-2022-41838 (A code execution vulnerability exists in the DDS scanline parsing func ...)
+	TODO: check
+CVE-2022-41837 (An out-of-bounds write vulnerability exists in the OpenImageIO::add_ex ...)
+	TODO: check
 CVE-2022-41632
 	RESERVED
 CVE-2022-41630
@@ -20605,22 +20674,22 @@ CVE-2022-42003 (In FasterXML jackson-databind before 2.14.0-rc1, resource exhaus
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020
 CVE-2022-42002 (SonicJS through 0.6.0 allows file overwrite. It has the following muta ...)
 	NOT-FOR-US: SonicJS
-CVE-2022-41981
-	RESERVED
-CVE-2022-41977
-	RESERVED
-CVE-2022-41794
-	RESERVED
-CVE-2022-41684
-	RESERVED
-CVE-2022-41649
-	RESERVED
-CVE-2022-41639
-	RESERVED
-CVE-2022-38143
-	RESERVED
-CVE-2022-36354
-	RESERVED
+CVE-2022-41981 (A stack-based buffer overflow vulnerability exists in the TGA file for ...)
+	TODO: check
+CVE-2022-41977 (An out of bounds read vulnerability exists in the way OpenImageIO vers ...)
+	TODO: check
+CVE-2022-41794 (A heap based buffer overflow vulnerability exists in the PSD thumbnail ...)
+	TODO: check
+CVE-2022-41684 (A heap out of bounds read vulnerability exists in the OpenImageIO mast ...)
+	TODO: check
+CVE-2022-41649 (A heap out of bounds read vulnerability exists in the handling of IPTC ...)
+	TODO: check
+CVE-2022-41639 (A heap based buffer overflow vulnerability exists in tile decoding cod ...)
+	TODO: check
+CVE-2022-38143 (A heap out-of-bounds write vulnerability exists in the way OpenImageIO ...)
+	TODO: check
+CVE-2022-36354 (A heap out-of-bounds read vulnerability exists in the RLA format parse ...)
+	TODO: check
 CVE-2022-3388 (An input validation vulnerability exists in the Monitor Pro interface  ...)
 	NOT-FOR-US: MicroSCADA
 CVE-2022-3387 (Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path tr ...)
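Review bot: the eight entries CVE-2022-41981 through CVE-2022-36354 are the remainder of the OpenImageIO batch (TGA, PSD, IPTC and RLA parsers), with CVE numbers spread across several ranges; since the file is ordered by CVE number, make sure the same fixed version is applied to the matching entries in the other hunks of this diff and not only to the ones that happen to sit together here.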
@@ -22470,6 +22539,7 @@ CVE-2022-3268 (Weak Password Requirements in GitHub repository ikus060/minarca p
 CVE-2022-3267 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3266 (An out-of-bounds read can occur when decoding H264 video. This results ...)
+	{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
 	- firefox 105.0-1
 	- firefox-esr 102.3.0esr-1
 	- thunderbird 1:102.3.0-1
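Review bot: the `{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}` line for CVE-2022-3266 is placed before the package lines, which matches the layout of the DLA line added for CVE-2022-29167 later in this diff; confirm that each of the four advisories lists CVE-2022-3266 on its own side so the cross-reference resolves in both directions.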
@@ -23434,12 +23504,12 @@ CVE-2022-40901
 	RESERVED
 CVE-2022-40900
 	RESERVED
-CVE-2022-40899
-	RESERVED
-CVE-2022-40898
-	RESERVED
-CVE-2022-40897
-	RESERVED
+CVE-2022-40899 (An issue discovered in Python Charmers Future 0.18.2 and earlier allow ...)
+	TODO: check
+CVE-2022-40898 (An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1  ...)
+	TODO: check
+CVE-2022-40897 (An issue discovered in Python Packaging Authority (PyPA) setuptools 65 ...)
+	TODO: check
 CVE-2022-40896
 	RESERVED
 CVE-2022-40895 (In certain Nedi products, a vulnerability in the web UI of NeDi login  ...)
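Review bot: CVE-2022-40899 (future), CVE-2022-40898 (wheel) and CVE-2022-40897 (setuptools) are the entries in this update most likely to need real package lines rather than `NOT-FOR-US`, since all three are Python packaging libraries that Debian ships; they deserve triage priority over the `TODO: check` entries for unpackaged web applications.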
@@ -37340,8 +37410,8 @@ CVE-2022-35648 (Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO
 	NOT-FOR-US: Nautilus treadmills
 CVE-2022-35647
 	RESERVED
-CVE-2022-35646
-	RESERVED
+CVE-2022-35646 (IBM Security Verify Governance, Identity Manager 10.0.1 software compo ...)
+	TODO: check
 CVE-2022-35645
 	RESERVED
 CVE-2022-35644
@@ -43836,8 +43906,8 @@ CVE-2022-33326 (Multiple command injection vulnerabilities exist in the web_serv
 	NOT-FOR-US: Robustel R1510
 CVE-2022-33325 (Multiple command injection vulnerabilities exist in the web_server aja ...)
 	NOT-FOR-US: Robustel R1510
-CVE-2022-33324
-	RESERVED
+CVE-2022-33324 (Improper Resource Shutdown or Release vulnerability in Mitsubishi Elec ...)
+	TODO: check
 CVE-2022-33323
 	RESERVED
 CVE-2022-33322 (Cross-site scripting vulnerability in Mitsubishi Electric consumer ele ...)
@@ -55874,6 +55944,7 @@ CVE-2022-29169 (BigBlueButton is an open source web conferencing system. Version
 CVE-2022-29168 (Wire is a secure messaging application. Wire is vulnerable to arbitrar ...)
 	NOT-FOR-US: wire-webapp
 CVE-2022-29167 (Hawk is an HTTP authentication scheme providing mechanisms for making  ...)
+	{DLA-3246-1}
 	- node-hawk 9.0.1-1
 	[bullseye] - node-hawk 8.0.1+dfsg-2+deb11u1
 	NOTE: https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq
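Review bot: the added `{DLA-3246-1}` for CVE-2022-29167 is an LTS advisory, but the only suite-specific line visible in the context is `[bullseye] - node-hawk 8.0.1+dfsg-2+deb11u1`, and bullseye was not the LTS suite when this DLA was issued; check that a buster line carrying the DLA's fixed version exists (it may simply lie outside the three context lines shown).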
@@ -73195,8 +73266,8 @@ CVE-2022-23541 (jsonwebtoken is an implementation of JSON Web Tokens. Versions `
 	TODO: check
 CVE-2022-23540 (In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm  ...)
 	TODO: check
-CVE-2022-23539
-	RESERVED
+CVE-2022-23539 (Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured ...)
+	TODO: check
 CVE-2022-23538
 	RESERVED
 CVE-2022-23537 (PJSIP is a free and open source multimedia communication library writt ...)
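Review bot: CVE-2022-23539 is the third of three jsonwebtoken advisories in this region (CVE-2022-23541 and CVE-2022-23540 are also at `TODO: check`), all covering versions `<=8.5.1`; triage them as one set so the same package and fixed version is recorded for all three.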
@@ -73259,8 +73330,8 @@ CVE-2022-23515 (Loofah is a general library for manipulating and transforming HT
 CVE-2022-23514 (Loofah is a general library for manipulating and transforming HTML/XML ...)
 	- ruby-loofah 2.19.1-1 (bug #1026083)
 	NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
-CVE-2022-23513
-	RESERVED
+CVE-2022-23513 (Pi-Hole is a network-wide ad blocking via your own Linux hardware, Adm ...)
+	TODO: check
 CVE-2022-23512 (MeterSphere is a one-stop open source continuous testing platform. Ver ...)
 	TODO: check
 CVE-2022-23511 (A privilege escalation issue exists within the Amazon CloudWatch Agent ...)
@@ -77310,18 +77381,18 @@ CVE-2022-22463 (IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2
 	NOT-FOR-US: IBM
 CVE-2022-22462
 	RESERVED
-CVE-2022-22461
-	RESERVED
+CVE-2022-22461 (IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker th ...)
+	TODO: check
 CVE-2022-22460 (IBM Security Verify Identity Manager 10.0 contains sensitive informati ...)
 	NOT-FOR-US: IBM
 CVE-2022-22459
 	RESERVED
-CVE-2022-22458
-	RESERVED
-CVE-2022-22457
-	RESERVED
-CVE-2022-22456
-	RESERVED
+CVE-2022-22458 (IBM Security Verify Governance, Identity Manager 10.0.1 stores user cr ...)
+	TODO: check
+CVE-2022-22457 (IBM Security Verify Governance, Identity Manager 10.0.1 stores sensiti ...)
+	TODO: check
+CVE-2022-22456 (IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable  ...)
+	TODO: check
 CVE-2022-22455 (IBM Security Verify Governance Identity Manager 10.0 virtual appliance ...)
 	NOT-FOR-US: IBM
 CVE-2022-22454 (IBM InfoSphere Information Server 11.7 could allow a locally authentic ...)
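Review bot: CVE-2022-22461, CVE-2022-22458, CVE-2022-22457 and CVE-2022-22456 are all IBM Security Verify Governance, Identity Manager 10.0.1, and they sit directly between CVE-2022-22460 and CVE-2022-22455, which are the same product line and are already marked `NOT-FOR-US: IBM`; the four new `TODO: check` lines can be resolved the same way. The same applies to CVE-2022-35646 earlier in this diff.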
@@ -79925,8 +79996,8 @@ CVE-2022-22186 (Due to an Improper Initialization vulnerability in Juniper Netwo
 	NOT-FOR-US: Juniper
 CVE-2022-22185 (A vulnerability in Juniper Networks Junos OS on SRX Series, allows a n ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22184
-	RESERVED
+CVE-2022-22184 (An Improper Input Validation vulnerability in the Routing Protocol Dae ...)
+	TODO: check
 CVE-2022-22183 (An Improper Access Control vulnerability in Juniper Networks Junos OS  ...)
 	NOT-FOR-US: Juniper
 CVE-2022-22182 (A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos O ...)
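Review bot: CVE-2022-22184 is a Junos OS entry left at `TODO: check` while the immediately adjacent Junos entries (CVE-2022-22185, CVE-2022-22183, CVE-2022-22182) are all `NOT-FOR-US: Juniper`; unless the RPD issue differs in some way, it should get the same line.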
@@ -117474,8 +117545,8 @@ CVE-2021-32693 (Symfony is a PHP framework for web and console applications and
 	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq
 	NOTE: Fixed by: https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728 (v5.3.2)
 	NOTE: https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one
-CVE-2021-32692
-	RESERVED
+CVE-2021-32692 (Activity Watch is a free and open-source automated time tracker. Versi ...)
+	TODO: check
 CVE-2021-32691 (Apollos Apps is an open source platform for launching church-related a ...)
 	NOT-FOR-US: Apollo Apps
 CVE-2021-32690 (Helm is a tool for managing Charts (packages of pre-configured Kuberne ...)
@@ -165851,8 +165922,8 @@ CVE-2020-26304
 	RESERVED
 CVE-2020-26303
 	RESERVED
-CVE-2020-26302
-	RESERVED
+CVE-2020-26302 (is.js is a general-purpose check library. Versions 0.9.0 and prior con ...)
+	TODO: check
 CVE-2020-26301 (ssh2 is client and server modules written in pure JavaScript for node. ...)
 	NOT-FOR-US: Node ssh2
 CVE-2020-26300 (systeminformation is an npm package that provides system and OS inform ...)
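Review bot: CVE-2020-26302 (is.js) and CVE-2021-32692 (Activity Watch, in the hunk above) are two-year-old reservations only now receiving descriptions; the adjacent Node entries here are `NOT-FOR-US` (e.g. `NOT-FOR-US: Node ssh2`), but check whether is.js is packaged before copying that resolution.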



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d620fb985901312d1fee383d4a7c92fed944a8c