[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 23 20:10:44 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
67096990 by security tracker role at 2022-12-23T20:10:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,32 +1,98 @@
-CVE-2022-47943 [ksmbd: prevent out of bound read for SMB2_WRITE]
+CVE-2022-47937
+ RESERVED
+CVE-2022-47936
+ RESERVED
+CVE-2022-47935
+ RESERVED
+CVE-2022-4710
+ RESERVED
+CVE-2022-4709
+ RESERVED
+CVE-2022-4708
+ RESERVED
+CVE-2022-4707
+ RESERVED
+CVE-2022-4706
+ RESERVED
+CVE-2022-4705
+ RESERVED
+CVE-2022-4704
+ RESERVED
+CVE-2022-4703
+ RESERVED
+CVE-2022-4702
+ RESERVED
+CVE-2022-4701
+ RESERVED
+CVE-2022-4700
+ RESERVED
+CVE-2022-4699
+ RESERVED
+CVE-2022-4698 (The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2022-4697 (The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2022-4696
+ RESERVED
+CVE-2022-4695 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+ TODO: check
+CVE-2022-4694 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+ TODO: check
+CVE-2022-4693
+ RESERVED
+CVE-2022-4692 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+ TODO: check
+CVE-2022-4691 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+ TODO: check
+CVE-2022-4690 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+ TODO: check
+CVE-2022-4689 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
+ TODO: check
+CVE-2022-4688 (Improper Authorization in GitHub repository usememos/memos prior to 0. ...)
+ TODO: check
+CVE-2022-4687 (Incorrect Use of Privileged APIs in GitHub repository usememos/memos p ...)
+ TODO: check
+CVE-2022-4686 (Improper Authentication in GitHub repository usememos/memos prior to 0 ...)
+ TODO: check
+CVE-2022-4685 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
+ TODO: check
+CVE-2022-4684 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
+ TODO: check
+CVE-2022-4683 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
+ TODO: check
+CVE-2022-4682
+ RESERVED
+CVE-2022-4681
+ RESERVED
+CVE-2022-47943 (An issue was discovered in ksmbd in the Linux kernel before 5.19.2. Th ...)
- linux 5.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ac60778b87e45576d7bfdbd6f53df902654e6f09 (6.0-rc1)
-CVE-2022-47942 [ksmbd: fix heap-based overflow in set_ntacl_dacl()]
+CVE-2022-47942 (An issue was discovered in ksmbd in the Linux kernel before 5.19.2. Th ...)
- linux 5.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8f0541186e9ad1b62accc9519cc2b7a7240272a7 (6.0-rc1)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17771/
-CVE-2022-47941 [ksmbd: fix memory leak in smb2_handle_negotiate]
+CVE-2022-47941 (An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs ...)
- linux 5.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/aa7253c2393f6dcd6a1468b0792f6da76edad917 (6.0-rc1)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17815/
-CVE-2022-47940 [ksmbd: validate length in smb2_write()]
+CVE-2022-47940 (An issue was discovered in ksmbd in the Linux kernel before 5.18.18. f ...)
- linux 5.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/158a66b245739e15858de42c0ba60fcf3de9b8e6 (5.19-rc1)
-CVE-2022-47939 [ksmbd: fix use-after-free bug in smb2_tree_disconect]
+CVE-2022-47939 (An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs ...)
- linux 5.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/cf6531d98190fa2cf92a6d8bbc8af0a4740a223c (6.0-rc1)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17816
-CVE-2022-47938 [ksmbd: prevent out of bound read for SMB2_TREE_CONNNECT]
+CVE-2022-47938 (An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs ...)
- linux 5.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -1218,8 +1284,8 @@ CVE-2022-47526
RESERVED
CVE-2022-47525
RESERVED
-CVE-2022-47524
- RESERVED
+CVE-2022-47524 (F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homog ...)
+ TODO: check
CVE-2022-47523
RESERVED
CVE-2022-4607 (A vulnerability was found in 3D City Database OGC Web Feature Service ...)
@@ -5039,10 +5105,10 @@ CVE-2022-46644
RESERVED
CVE-2022-46643
RESERVED
-CVE-2022-46642
- RESERVED
-CVE-2022-46641
- RESERVED
+CVE-2022-46642 (D-Link DIR-846 A1_FW100A43 was discovered to contain a command injecti ...)
+ TODO: check
+CVE-2022-46641 (D-Link DIR-846 A1_FW100A43 was discovered to contain a command injecti ...)
+ TODO: check
CVE-2022-46640
RESERVED
CVE-2022-46639
@@ -5183,28 +5249,28 @@ CVE-2022-46572
RESERVED
CVE-2022-46571
RESERVED
-CVE-2022-46570
- RESERVED
-CVE-2022-46569
- RESERVED
-CVE-2022-46568
- RESERVED
+CVE-2022-46570 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+ TODO: check
+CVE-2022-46569 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+ TODO: check
+CVE-2022-46568 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+ TODO: check
CVE-2022-46567
RESERVED
-CVE-2022-46566
- RESERVED
+CVE-2022-46566 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+ TODO: check
CVE-2022-46565
RESERVED
CVE-2022-46564
RESERVED
-CVE-2022-46563
- RESERVED
-CVE-2022-46562
- RESERVED
-CVE-2022-46561
- RESERVED
-CVE-2022-46560
- RESERVED
+CVE-2022-46563 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+ TODO: check
+CVE-2022-46562 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+ TODO: check
+CVE-2022-46561 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+ TODO: check
+CVE-2022-46560 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...)
+ TODO: check
CVE-2022-46559
RESERVED
CVE-2022-46558
@@ -6539,8 +6605,8 @@ CVE-2022-46173
RESERVED
CVE-2022-46172
RESERVED
-CVE-2022-46171
- RESERVED
+CVE-2022-46171 (Tauri is a framework for building binaries for all major desktop platf ...)
+ TODO: check
CVE-2022-46170 (CodeIgniter is a PHP full-stack web framework. When an application use ...)
- codeigniter <itp> (bug #471583)
CVE-2022-46169 (Cacti is an open source platform which provides a robust and extensibl ...)
@@ -7671,38 +7737,38 @@ CVE-2022-45723
RESERVED
CVE-2022-45722
RESERVED
-CVE-2022-45721
- RESERVED
-CVE-2022-45720
- RESERVED
-CVE-2022-45719
- RESERVED
-CVE-2022-45718
- RESERVED
-CVE-2022-45717
- RESERVED
-CVE-2022-45716
- RESERVED
-CVE-2022-45715
- RESERVED
-CVE-2022-45714
- RESERVED
+CVE-2022-45721 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
+ TODO: check
+CVE-2022-45720 (IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffe ...)
+ TODO: check
+CVE-2022-45719 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
+ TODO: check
+CVE-2022-45718 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
+ TODO: check
+CVE-2022-45717 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a command inje ...)
+ TODO: check
+CVE-2022-45716 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
+ TODO: check
+CVE-2022-45715 (IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffe ...)
+ TODO: check
+CVE-2022-45714 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
+ TODO: check
CVE-2022-45713
RESERVED
-CVE-2022-45712
- RESERVED
-CVE-2022-45711
- RESERVED
-CVE-2022-45710
- RESERVED
-CVE-2022-45709
- RESERVED
-CVE-2022-45708
- RESERVED
-CVE-2022-45707
- RESERVED
-CVE-2022-45706
- RESERVED
+CVE-2022-45712 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
+ TODO: check
+CVE-2022-45711 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a command inje ...)
+ TODO: check
+CVE-2022-45710 (IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffe ...)
+ TODO: check
+CVE-2022-45709 (IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple comma ...)
+ TODO: check
+CVE-2022-45708 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
+ TODO: check
+CVE-2022-45707 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
+ TODO: check
+CVE-2022-45706 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
+ TODO: check
CVE-2022-45705
RESERVED
CVE-2022-45704
@@ -12173,12 +12239,12 @@ CVE-2022-44569
RESERVED
CVE-2022-44568
RESERVED
-CVE-2022-44567
- RESERVED
+CVE-2022-44567 (A command injection vulnerability exists in Rocket.Chat-Desktop <3. ...)
+ TODO: check
CVE-2022-44566
RESERVED
-CVE-2022-44565
- RESERVED
+CVE-2022-44565 (An improper access validation vulnerability exists in airMAX AC <8. ...)
+ TODO: check
CVE-2022-44564
RESERVED
CVE-2022-3811
@@ -16388,8 +16454,7 @@ CVE-2022-43552 [HTTP Proxy deny use-after-free]
NOTE: Introduced by (telnet): https://github.com/curl/curl/commit/b7eeb6e67fca686f840eacd6b8394edb58b07482 (curl-7_16_0)
NOTE: Introduced by (smb): https://github.com/curl/curl/commit/aec2e865f06669b9cb5d26cc1148d70bc418b163 (curl-7_40_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2 (curl-7_87_0)
-CVE-2022-43551 [Another HSTS bypass via IDN]
- RESERVED
+CVE-2022-43551 (A vulnerability exists in curl <7.87.0 HSTS check that could be byp ...)
- curl 7.86.0-3 (bug #1026829)
NOTE: https://curl.se/docs/CVE-2022-43551.html
NOTE: Introduced by: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0)
@@ -16979,10 +17044,10 @@ CVE-2022-43383
RESERVED
CVE-2022-43382 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a local user with eleva ...)
NOT-FOR-US: IBM
-CVE-2022-43381
- RESERVED
-CVE-2022-43380
- RESERVED
+CVE-2022-43381 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local ...)
+ TODO: check
+CVE-2022-43380 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
+ TODO: check
CVE-2022-43379
RESERVED
CVE-2022-42496 (OS command injection vulnerability in Nako3edit, editor component of n ...)
@@ -25159,8 +25224,8 @@ CVE-2022-40235 ("IBM InfoSphere Information Server 11.7 could allow a user to ca
NOT-FOR-US: IBM
CVE-2022-40234 (Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1 ...)
NOT-FOR-US: IBM
-CVE-2022-40233
- RESERVED
+CVE-2022-40233 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
+ TODO: check
CVE-2022-40232
RESERVED
CVE-2022-40231
@@ -27770,8 +27835,8 @@ CVE-2022-39167
RESERVED
CVE-2022-39166 (IBM Security Guardium 11.4 could allow a privileged user to obtain sen ...)
NOT-FOR-US: IBM
-CVE-2022-39165
- RESERVED
+CVE-2022-39165 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local ...)
+ TODO: check
CVE-2022-39164
RESERVED
CVE-2022-39163
@@ -28958,8 +29023,8 @@ CVE-2022-38759
RESERVED
CVE-2022-38758
RESERVED
-CVE-2022-38757
- RESERVED
+CVE-2022-38757 (A vulnerability has been identified in Micro Focus ZENworks 2020 Updat ...)
+ TODO: check
CVE-2022-38756 (A vulnerability has been identified in Micro Focus GroupWise Web in ve ...)
NOT-FOR-US: Micro Focus
CVE-2022-38755 (A vulnerability has been identified in Micro Focus Filr in versions pr ...)
@@ -73284,8 +73349,8 @@ CVE-2022-23549
RESERVED
CVE-2022-23548
RESERVED
-CVE-2022-23547
- RESERVED
+CVE-2022-23547 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
CVE-2022-23546
RESERVED
CVE-2022-23545
@@ -115107,6 +115172,7 @@ CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a b
[stretch] - linux <ignored> (Too risky to backport, and mitigated by default)
NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1
CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...)
+ {DLA-3247-1}
- node-trim-newlines 3.0.0+~3.0.0-1
[bullseye] - node-trim-newlines 3.0.0-1+deb11u1
[stretch] - node-trim-newlines <end-of-life> (Nodejs in stretch not covered by security support)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/670969909ee0dcc9443b01db6e4cdb9d092d751d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/670969909ee0dcc9443b01db6e4cdb9d092d751d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221223/bbe496f2/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list