[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 28 20:10:29 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
99b910c0 by security tracker role at 2022-12-28T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,143 @@
+CVE-2022-4817 (A vulnerability was found in centic9 jgit-cookbook. It has been declar ...)
+ TODO: check
+CVE-2022-4816
+ RESERVED
+CVE-2022-4815
+ RESERVED
+CVE-2022-4814 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
+ TODO: check
+CVE-2022-4813 (Insufficient Granularity of Access Control in GitHub repository usemem ...)
+ TODO: check
+CVE-2022-4812 (Comparison of Object References Instead of Object Contents in GitHub r ...)
+ TODO: check
+CVE-2022-4811 (Improper Authorization in GitHub repository usememos/memos prior to 0. ...)
+ TODO: check
+CVE-2022-4810 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
+ TODO: check
+CVE-2022-4809 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
+ TODO: check
+CVE-2022-4808 (Improper Privilege Management in GitHub repository usememos/memos prio ...)
+ TODO: check
+CVE-2022-4807 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
+ TODO: check
+CVE-2022-4806 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
+ TODO: check
+CVE-2022-4805 (Incorrect Use of Privileged APIs in GitHub repository usememos/memos p ...)
+ TODO: check
+CVE-2022-4804 (Improper Authorization in GitHub repository usememos/memos prior to 0. ...)
+ TODO: check
+CVE-2022-4803 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
+ TODO: check
+CVE-2022-4802 (Improper Authorization in GitHub repository usememos/memos prior to 0. ...)
+ TODO: check
+CVE-2022-4801 (Insufficient Granularity of Access Control in GitHub repository usemem ...)
+ TODO: check
+CVE-2022-4800 (Improper Verification of Source of a Communication Channel in GitHub r ...)
+ TODO: check
+CVE-2022-47990
+ RESERVED
+CVE-2022-4799 (Improper Authentication in GitHub repository usememos/memos prior to 0 ...)
+ TODO: check
+CVE-2022-47989
+ RESERVED
+CVE-2022-47988
+ RESERVED
+CVE-2022-47987
+ RESERVED
+CVE-2022-47986
+ RESERVED
+CVE-2022-47985
+ RESERVED
+CVE-2022-47984
+ RESERVED
+CVE-2022-47983
+ RESERVED
+CVE-2022-47982
+ RESERVED
+CVE-2022-47981
+ RESERVED
+CVE-2022-47980
+ RESERVED
+CVE-2022-4798 (Improper Authorization in GitHub repository usememos/memos prior to 0. ...)
+ TODO: check
+CVE-2022-47979
+ RESERVED
+CVE-2022-47978
+ RESERVED
+CVE-2022-47977
+ RESERVED
+CVE-2022-47976
+ RESERVED
+CVE-2022-47975
+ RESERVED
+CVE-2022-47974
+ RESERVED
+CVE-2022-4797 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
+ TODO: check
+CVE-2022-4796 (Incorrect Use of Privileged APIs in GitHub repository usememos/memos p ...)
+ TODO: check
+CVE-2022-4795
+ RESERVED
+CVE-2022-4794
+ RESERVED
+CVE-2022-4793
+ RESERVED
+CVE-2022-4792
+ RESERVED
+CVE-2022-4791
+ RESERVED
+CVE-2022-4790
+ RESERVED
+CVE-2022-4789
+ RESERVED
+CVE-2022-4788
+ RESERVED
+CVE-2022-4787
+ RESERVED
+CVE-2022-4786
+ RESERVED
+CVE-2022-4785
+ RESERVED
+CVE-2022-4784
+ RESERVED
+CVE-2022-4783
+ RESERVED
+CVE-2022-4782
+ RESERVED
+CVE-2022-4781
+ RESERVED
+CVE-2022-4780 (ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credential ...)
+ TODO: check
+CVE-2022-4779 (StreamX applications from versions 6.02.01 to 6.04.34 are affected by ...)
+ TODO: check
+CVE-2022-4778 (StreamX applications from versions 6.02.01 to 6.04.34 are affected by ...)
+ TODO: check
+CVE-2021-46868
+ RESERVED
+CVE-2021-46867
+ RESERVED
+CVE-2021-4294 (A vulnerability was found in OpenShift OSIN. It has been classified as ...)
+ TODO: check
+CVE-2021-4293 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
+ TODO: check
+CVE-2019-25092 (A vulnerability classified as problematic was found in Nakiami Mellivo ...)
+ TODO: check
+CVE-2018-25056 (A vulnerability, which was classified as problematic, was found in yol ...)
+ TODO: check
+CVE-2018-25055 (A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It ha ...)
+ TODO: check
+CVE-2018-25054 (A vulnerability was found in shred cilla. It has been classified as pr ...)
+ TODO: check
+CVE-2018-25053 (A vulnerability was found in moappi Json2html up to 1.1.x and classifi ...)
+ TODO: check
+CVE-2018-25052 (A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 a ...)
+ TODO: check
+CVE-2018-25051 (A vulnerability, which was classified as problematic, was found in JmP ...)
+ TODO: check
+CVE-2018-25050 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2017-20150 (A vulnerability was found in challenge website. It has been rated as c ...)
+ TODO: check
CVE-2022-XXXX [RUSTSEC-2022-0074]
- rust-prettytable-rs <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0074.html
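Review bot: Every described entry added in this block, from CVE-2022-4817 down to CVE-2017-20150, lands as `TODO: check` with no triage. The usememos/memos entries between CVE-2022-4814 and CVE-2022-4796 share one upstream, so a follow-up commit can resolve them in a single pass with one consistent decision instead of entry by entry. The descriptions are cut off at the tracker's truncation point, so read the full text before choosing a classification.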
@@ -5287,8 +5427,8 @@ CVE-2022-46742 (Code injection in paddle.audio.functional.get_window in PaddlePa
NOT-FOR-US: PaddlePaddle
CVE-2022-46741 (Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. ...)
NOT-FOR-US: PaddlePaddle
-CVE-2022-46740
- RESERVED
+CVE-2022-46740 (There is a denial of service vulnerability in the Wi-Fi module of the ...)
+ TODO: check
CVE-2022-46728
RESERVED
CVE-2022-46727
@@ -7761,8 +7901,8 @@ CVE-2022-45877 (OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN
NOT-FOR-US: OpenHarmony
CVE-2022-45875
RESERVED
-CVE-2022-45874
- RESERVED
+CVE-2022-45874 (Huawei Aslan Children's Watch has an improper authorization vulnerabil ...)
+ TODO: check
CVE-2022-45126
RESERVED
CVE-2022-45118 (OpenHarmony-v3.1.2 and prior versions had a vulnerability that telepho ...)
@@ -10107,8 +10247,8 @@ CVE-2022-3924
RESERVED
CVE-2022-3923
RESERVED
-CVE-2022-3922
- RESERVED
+CVE-2022-3922 (The Broken Link Checker WordPress plugin before 1.11.20 does not sanit ...)
+ TODO: check
CVE-2022-45134
RESERVED
CVE-2022-45133
@@ -12696,8 +12836,8 @@ CVE-2022-44566
RESERVED
CVE-2022-44565 (An improper access validation vulnerability exists in airMAX AC <8. ...)
TODO: check
-CVE-2022-44564
- RESERVED
+CVE-2022-44564 (Huawei Aslan Children's Watch has a path traversal vulnerability. Succ ...)
+ TODO: check
CVE-2022-3811
RESERVED
CVE-2022-3810 (A vulnerability was found in Axiomatic Bento4. It has been classified ...)
@@ -22253,8 +22393,8 @@ CVE-2022-41581 (The HW_KEYMASTER module has a vulnerability of not verifying the
NOT-FOR-US: Huawei
CVE-2022-41580 (The HW_KEYMASTER module has a vulnerability of not verifying the data ...)
NOT-FOR-US: Huawei
-CVE-2022-41579
- RESERVED
+CVE-2022-41579 (There is an insufficient authentication vulnerability in some Huawei b ...)
+ TODO: check
CVE-2022-41578 (The MPTCP module has an out-of-bounds write vulnerability.Successful e ...)
NOT-FOR-US: Huawei
CVE-2022-41577 (The kernel server has a vulnerability of not verifying the length of t ...)
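Review bot: CVE-2022-41579 now has a description naming Huawei but is left as `TODO: check`, while the entries around it in this hunk (CVE-2022-41581, CVE-2022-41580, CVE-2022-41578) are already marked `NOT-FOR-US: Huawei`. If the full description confirms the same vendor scope, give it the same marking in a follow-up so it does not stay in the unchecked queue.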
@@ -28859,8 +28999,8 @@ CVE-2022-39014 (Under certain conditions SAP BusinessObjects Business Intelligen
NOT-FOR-US: SAP
CVE-2022-39013 (Under certain conditions an authenticated attacker can get access to O ...)
NOT-FOR-US: SAP
-CVE-2022-39012
- RESERVED
+CVE-2022-39012 (Huawei Aslan Children's Watch has an improper input validation vulnera ...)
+ TODO: check
CVE-2022-39011 (The HISP module has a vulnerability of bypassing the check of the data ...)
NOT-FOR-US: Huawei
CVE-2022-39010 (The HwChrService module has a vulnerability in permission control. Suc ...)
@@ -31351,8 +31491,8 @@ CVE-2022-38204
RESERVED
CVE-2022-38203
RESERVED
-CVE-2022-38202
- RESERVED
+CVE-2022-38202 (There is a path traversal vulnerability in Esri ArcGIS Server versions ...)
+ TODO: check
CVE-2022-38201 (An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS ...)
NOT-FOR-US: Esri Portal for ArcGIS Quick Capture Web Designer
CVE-2022-38200 (A cross site scripting vulnerability exists in some map service config ...)
@@ -72289,7 +72429,8 @@ CVE-2022-23969
RESERVED
CVE-2022-23968 (Xerox VersaLink devices on specific versions of firmware before 2022-0 ...)
NOT-FOR-US: Xerox
-CVE-2022-23967 (In TightVNC 1.3.10, there is an integer signedness error and resultant ...)
+CVE-2022-23967
+ REJECTED
- tightvnc 1:1.3.9-9.1 (bug #1007239)
[buster] - tightvnc 1:1.3.9-9deb10u1
[stretch] - tightvnc 1:1.3.9-9+deb9u1
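Review bot: CVE-2022-23967 is switched to `REJECTED` at the top of the entry, but the package lines below it are untouched, so the entry still records `- tightvnc 1:1.3.9-9.1 (bug #1007239)` and the buster and stretch fixed versions against a rejected ID. This needs manual follow-up: establish why the ID was rejected and, if the issue is now tracked under a different identifier, move the tightvnc version and bug data there. The change also drops the description, so the reason for those fixed versions is no longer visible from this entry.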
@@ -73860,10 +74001,10 @@ CVE-2022-23556 (CodeIgniter is a PHP full-stack web framework. This vulnerabilit
- codeigniter <itp> (bug #471583)
CVE-2022-23555 (authentik is an open-source Identity Provider focused on flexibility a ...)
TODO: check
-CVE-2022-23554
- RESERVED
-CVE-2022-23553
- RESERVED
+CVE-2022-23554 (Alpine is a scaffolding library in Java. Alpine prior to version 1.10. ...)
+ TODO: check
+CVE-2022-23553 (Alpine is a scaffolding library in Java. Alpine prior to version 1.10. ...)
+ TODO: check
CVE-2022-23552
RESERVED
CVE-2022-23551 (aad-pod-identity assigns Azure Active Directory identities to Kubernet ...)
@@ -92375,7 +92516,8 @@ CVE-2022-20533 (In getSlice of WifiSlice.java, there is a possible way to connec
NOT-FOR-US: Android
CVE-2022-20532
RESERVED
-CVE-2022-20531 (In placeCall of TelecomManager.java, there is a possible way to determ ...)
+CVE-2022-20531
+ REJECTED
NOT-FOR-US: Android
CVE-2022-20530 (In strings.xml, there is a possible permission bypass due to a mislead ...)
NOT-FOR-US: Android
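Review bot: CVE-2022-20531 becomes `REJECTED` and loses its description, leaving `NOT-FOR-US: Android` as the only remaining context under the ID. No package data is attached, so nothing has to move, but confirm that a leftover `NOT-FOR-US` line under a rejected entry is the intended end state, or drop it in a follow-up.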
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99b910c03c0e5159500bae112c191ae01ce365e3