[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 3 08:10:26 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19700527 by security tracker role at 2022-11-03T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2022-44643
+	RESERVED
+CVE-2022-44642
+	RESERVED
+CVE-2022-44641
+	RESERVED
+CVE-2022-44640
+	RESERVED
+CVE-2022-44639
+	RESERVED
+CVE-2022-44638 (In libpixman in Pixman before 0.42.2, there is an out-of-bounds write  ...)
+	TODO: check
+CVE-2022-44637
+	RESERVED
+CVE-2022-44636
+	RESERVED
+CVE-2022-3846
+	RESERVED
+CVE-2022-3845 (A vulnerability has been found in phpipam and classified as problemati ...)
+	TODO: check
+CVE-2022-3844 (A vulnerability, which was classified as problematic, was found in Web ...)
+	TODO: check
+CVE-2021-46853 (Alpine before 2.25 allows remote attackers to cause a denial of servic ...)
+	TODO: check
 CVE-2022-44635
 	RESERVED
 CVE-2022-44634
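Review bot: the four new described entries in this hunk (CVE-2022-44638, CVE-2022-3845, CVE-2022-3844, CVE-2021-46853) all land as "TODO: check", so none of them carries a package or NOT-FOR-US line yet. The descriptions for CVE-2022-44638 (Pixman before 0.42.2) and CVE-2021-46853 (Alpine before 2.25) already name a fixed upstream version, which is enough to triage those two first and replace "TODO: check" with a source package line and fixed version.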
@@ -113,8 +137,8 @@ CVE-2022-3813 (A vulnerability classified as problematic has been found in Axiom
 	NOT-FOR-US: Bento4
 CVE-2022-3812 (A vulnerability was found in Axiomatic Bento4. It has been rated as pr ...)
 	NOT-FOR-US: Bento4
-CVE-2020-36608
-	RESERVED
+CVE-2020-36608 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
 CVE-2023-20903
 	RESERVED
 CVE-2023-20902
@@ -253,8 +277,8 @@ CVE-2022-44588
 	RESERVED
 CVE-2022-44587
 	RESERVED
-CVE-2022-44586
-	RESERVED
+CVE-2022-44586 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiL ...)
+	TODO: check
 CVE-2022-44585
 	RESERVED
 CVE-2022-44584
@@ -273,8 +297,8 @@ CVE-2022-44578
 	RESERVED
 CVE-2022-44577
 	RESERVED
-CVE-2022-44576
-	RESERVED
+CVE-2022-44576 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Agen ...)
+	TODO: check
 CVE-2022-44575
 	RESERVED
 CVE-2022-44574
@@ -5710,12 +5734,12 @@ CVE-2022-43070
 	RESERVED
 CVE-2022-43069
 	RESERVED
-CVE-2022-43068
-	RESERVED
+CVE-2022-43068 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
+	TODO: check
 CVE-2022-43067
 	RESERVED
-CVE-2022-43066
-	RESERVED
+CVE-2022-43066 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
+	TODO: check
 CVE-2022-43065
 	RESERVED
 CVE-2022-43064
@@ -5933,12 +5957,14 @@ CVE-2022-3557
 	RESERVED
 CVE-2022-3556
 	RESERVED
-CVE-2022-3555 (A vulnerability was found in X.org libX11 and classified as problemati ...)
+CVE-2022-3555
+	REJECTED
 	- libx11 2:1.7.4-1
 	[bullseye] - libx11 <no-dsa> (Minor issue)
 	[buster] - libx11 <postponed> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/8a368d808fec166b5fb3dfe6312aab22c7ee20af (libX11-1.7.4)
-CVE-2022-3554 (A vulnerability has been found in X.org libX11 and classified as probl ...)
+CVE-2022-3554
+	REJECTED
 	- libx11 <unfixed> (bug #1022560)
 	[bullseye] - libx11 <no-dsa> (Minor issue)
 	[buster] - libx11 <postponed> (Minor issue)
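Review bot: CVE-2022-3555 and CVE-2022-3554 are switched to REJECTED here, but the package annotations under them are left in place: "- libx11 2:1.7.4-1" with its upstream commit NOTE for the first, and "- libx11 <unfixed> (bug #1022560)" for the second. A rejected ID that still shows an unfixed package and an open bug reads as a live issue. Either drop the libx11 lines, or add a NOTE saying why the ID was rejected and where the underlying libX11 fix is now tracked, so the commit and bug references are not orphaned.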
@@ -6812,10 +6838,12 @@ CVE-2022-42733
 CVE-2022-42732
 	RESERVED
 CVE-2022-3444 (Insufficient data validation in File System API in Google Chrome prior ...)
+	{DSA-5244-1}
 	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	NOTE: https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html
 CVE-2022-3443 (Insufficient data validation in File System API in Google Chrome prior ...)
+	{DSA-5244-1}
 	- chromium 106.0.5249.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	NOTE: https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html
@@ -12222,8 +12250,8 @@ CVE-2022-40503
 	RESERVED
 CVE-2022-40502
 	RESERVED
-CVE-2022-3181
-	RESERVED
+CVE-2022-3181 (An Improper Input Validation vulnerability exists in Trihedral VTScada ...)
+	TODO: check
 CVE-2022-3180
 	RESERVED
 CVE-2022-3179 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
@@ -17470,8 +17498,7 @@ CVE-2022-2905 (An out-of-bounds memory read flaw was found in the Linux kernel's
 	[bullseye] - linux 5.10.140-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/08/26/1
-CVE-2022-2904
-	RESERVED
+CVE-2022-2904 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
 	- gitlab <unfixed>
 CVE-2022-2903 (The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialis ...)
 	NOT-FOR-US: WordPress plugin
@@ -55611,8 +55638,8 @@ CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF attac
 	- jspwiki <removed>
 CVE-2022-24946 (Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC  ...)
 	NOT-FOR-US: Mitsubishi
-CVE-2022-24945
-	RESERVED
+CVE-2022-24945 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
+	TODO: check
 CVE-2022-24944
 	RESERVED
 CVE-2022-24943
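Review bot: CVE-2022-24945 gets "TODO: check" even though its new description begins "This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...". That is inconsistent with CVE-2022-3555 and CVE-2022-3554 in the same commit, which are marked REJECTED. If the automatic update only sets REJECTED when the description is dropped, this entry needs a manual follow-up to mark it REJECTED instead of leaving it in the triage queue.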



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1970052743466cf34d22739843f1290c03689346
