[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Dec 25 20:10:29 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4eb03e48 by security tracker role at 2022-12-25T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2022-4735 (A vulnerability classified as problematic was found in asrashley dash- ...)
+ TODO: check
+CVE-2021-4278 (A vulnerability classified as problematic has been found in cronvel tr ...)
+ TODO: check
+CVE-2019-25084 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
CVE-2022-47952
RESERVED
CVE-2022-47951
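Review bot: The three entries added at the top of data/CVE/list (CVE-2022-4735, CVE-2021-4278, CVE-2019-25084) land with only "TODO: check", so none of them is yet mapped to a Debian source package or marked NOT-FOR-US. The product names shown for the first two (asrashley dash- ..., cronvel tr ...) are truncated and the CVE-2019-25084 line shows no product name at all in the visible part, so triage needs the full CVE text before an annotation is chosen.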
@@ -16,8 +22,8 @@ CVE-2022-4733 (Cross-site Scripting (XSS) - Stored in GitHub repository openemr/
NOT-FOR-US: OpenEMR
CVE-2022-4732 (Unrestricted Upload of File with Dangerous Type in GitHub repository m ...)
NOT-FOR-US: microweber
-CVE-2022-4731
- RESERVED
+CVE-2022-4731 (A vulnerability, which was classified as problematic, was found in mya ...)
+ TODO: check
CVE-2022-4730 (A vulnerability was found in Graphite Web. It has been classified as p ...)
- graphite-web <unfixed>
NOTE: https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23
@@ -39,16 +45,16 @@ CVE-2022-4726 (A vulnerability classified as critical was found in SourceCodeste
NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-4725 (A vulnerability was found in AWS SDK 2.59.0. It has been rated as crit ...)
TODO: check
-CVE-2021-4277
- RESERVED
-CVE-2021-4276
- RESERVED
-CVE-2020-36629
- RESERVED
-CVE-2020-36628
- RESERVED
-CVE-2020-36627
- RESERVED
+CVE-2021-4277 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2021-4276 (** UNSUPPORTED WHEN ASSIGNED ** ** DISPUTED ** A vulnerability was fou ...)
+ TODO: check
+CVE-2020-36629 (A vulnerability classified as critical was found in SimbCo httpster. T ...)
+ TODO: check
+CVE-2020-36628 (A vulnerability classified as critical has been found in Calsign APDE. ...)
+ TODO: check
+CVE-2020-36627 (A vulnerability was found in Macaron i18n. It has been declared as pro ...)
+ TODO: check
CVE-2020-36626 (A vulnerability classified as critical has been found in Modern Tribe ...)
NOT-FOR-US: Modern Tribe Panel Builder Plugin
CVE-2022-47946 (An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A ...)
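Review bot: CVE-2021-4276 arrives flagged "** UNSUPPORTED WHEN ASSIGNED ** ** DISPUTED **" but gets the same "TODO: check" as its neighbours; whoever triages it should record the disputed and unsupported status in a NOTE line rather than treat it as an ordinary open issue. The other four former RESERVED entries in this hunk (CVE-2021-4277, CVE-2020-36629, CVE-2020-36628, CVE-2020-36627) also still need a package or NOT-FOR-US annotation, and the context line CVE-2022-4725 (AWS SDK 2.59.0) is sitting at "TODO: check" as well.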
@@ -22755,16 +22761,14 @@ CVE-2022-41322 (In Kitty before 0.26.2, insufficient validation in the desktop n
[bullseye] - kitty <no-dsa> (Minor issue)
[buster] - kitty <no-dsa> (Minor issue)
NOTE: https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f (v0.26.2)
-CVE-2022-41318 [Buffer Over Read in SSPI and SMB Authentication]
- RESERVED
+CVE-2022-41318 (A buffer over-read was discovered in libntlmauth in Squid 2.5 through ...)
{DSA-5258-1 DLA-3151-1}
- squid 5.7-1 (bug #1020586)
- squid3 <removed>
NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/2
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch
NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch (5.7)
-CVE-2022-41317 [Exposure of Sensitive Information in Cache Manager]
- RESERVED
+CVE-2022-41317 (An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5. ...)
{DSA-5258-1 DLA-3151-1}
- squid 5.7-1 (bug #1020587)
- squid3 <removed>
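Review bot: The now-public description on the CVE-2022-41317 line limits the issue to Squid 4.9 through 4.17 and 5.0.6 through 5. ..., while the unchanged annotation below it still reads "- squid3 <removed>" with no version qualifier. Worth confirming whether any squid3 upload falls inside that range and, if none does, marking it as not affected; the same comparison applies to CVE-2022-41318 against "Squid 2.5 through ...".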
@@ -25891,8 +25895,8 @@ CVE-2022-40007
RESERVED
CVE-2022-40006
RESERVED
-CVE-2022-40005
- RESERVED
+CVE-2022-40005 (Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command inject ...)
+ TODO: check
CVE-2022-40004 (Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows ...)
NOT-FOR-US: Things Board
CVE-2022-40003
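Review bot: CVE-2022-40005 names Intelbras WiFiber 120AC inMesh ("allows command inject ..."), which reads as a vendor device rather than something packaged in Debian, yet it is added as "TODO: check". If no source package matches, resolve it as "NOT-FOR-US: Intelbras WiFiber 120AC inMesh", in the same form as the CVE-2022-40004 context line ("NOT-FOR-US: Things Board").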
@@ -32216,8 +32220,7 @@ CVE-2022-37708
RESERVED
CVE-2022-37707
RESERVED
-CVE-2022-37706
- RESERVED
+CVE-2022-37706 (enlightenment_sys in Enlightenment before 0.25.4 allows local users to ...)
{DSA-5233-1 DLA-3115-1}
- e17 0.25.4-1
NOTE: https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
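Review bot: With the description filled in, the only reference visible under CVE-2022-37706 is a NOTE pointing at a third-party exploit repository (MaherAzzouzi/CVE-2022-37706-LPE-exploit); no NOTE for the upstream Enlightenment fix appears. Since the entry already records "- e17 0.25.4-1" and the description says "before 0.25.4", add a NOTE with the upstream commit or release announcement so the fixed version can be audited without relying on the exploit write-up.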
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4eb03e489c2259e423ad31d94c90e35284d16894