[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 3 20:13:14 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b5267fa by security tracker role at 2022-11-03T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-44664
+ RESERVED
+CVE-2022-44663
+ RESERVED
+CVE-2022-44662
+ RESERVED
+CVE-2022-44661
+ RESERVED
+CVE-2022-44660
+ RESERVED
+CVE-2022-44659
+ RESERVED
+CVE-2022-44658
+ RESERVED
+CVE-2022-44657
+ RESERVED
+CVE-2022-44656
+ RESERVED
+CVE-2022-44655
+ RESERVED
+CVE-2022-44654
+ RESERVED
+CVE-2022-44653
+ RESERVED
+CVE-2022-44652
+ RESERVED
+CVE-2022-44651
+ RESERVED
+CVE-2022-44650
+ RESERVED
+CVE-2022-44649
+ RESERVED
+CVE-2022-44648
+ RESERVED
+CVE-2022-44647
+ RESERVED
+CVE-2022-44646 (In JetBrains TeamCity version before 2022.10, no audit items were adde ...)
+ TODO: check
+CVE-2022-44645
+ RESERVED
+CVE-2022-44644
+ RESERVED
+CVE-2022-3853
+ RESERVED
+CVE-2022-3852 (The VR Calendar plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2022-3851
+ RESERVED
+CVE-2022-3850
+ RESERVED
+CVE-2022-3849
+ RESERVED
+CVE-2022-3848
+ RESERVED
+CVE-2022-3847
+ RESERVED
CVE-2022-44643
RESERVED
CVE-2022-44642
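Review bot: CVE-2022-3852 arrives with a description (VR Calendar plugin for WordPress, "Cross-Site Reque ...") and a `TODO: check`; this file records comparable plugin issues as `NOT-FOR-US: WordPress plugin` (see CVE-2022-2695, Beaver Builder, further down), so it can most likely be closed the same way once the full text confirms it is plugin-only. CVE-2022-44646 (JetBrains TeamCity before 2022.10) should be handled together with the three TeamCity ids in the next hunk. The 26 `RESERVED` placeholders need nothing until their descriptions are published.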
@@ -49,12 +105,12 @@ CVE-2022-44626
RESERVED
CVE-2022-44625
RESERVED
-CVE-2022-44624
- RESERVED
-CVE-2022-44623
- RESERVED
-CVE-2022-44622
- RESERVED
+CVE-2022-44624 (In JetBrains TeamCity version before 2022.10, Password parameters coul ...)
+ TODO: check
+CVE-2022-44623 (In JetBrains TeamCity version before 2022.10, Project Viewer could see ...)
+ TODO: check
+CVE-2022-44622 (In JetBrains TeamCity version between 2021.2 and 2022.10 access permis ...)
+ TODO: check
CVE-2022-44621
RESERVED
CVE-2022-44618
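Review bot: CVE-2022-44624, CVE-2022-44623 and CVE-2022-44622 all describe JetBrains TeamCity before 2022.10 (44622: between 2021.2 and 2022.10) and are left at `TODO: check`; together with CVE-2022-44646 in the first hunk, which names the same product and version, these four should be triaged in one pass so they end up with the same marker.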
@@ -377,7 +433,8 @@ CVE-2022-3790 (A vulnerability was found in Flipbook Plugin and classified as pr
NOT-FOR-US: Flipbook Plugin
CVE-2022-3789 (A vulnerability has been found in Tim Campus Confession Wall and class ...)
NOT-FOR-US: Tim Campus Confession Wall
-CVE-2022-3788 (A vulnerability, which was classified as problematic, was found in Tab ...)
+CVE-2022-3788
+ REJECTED
NOT-FOR-US: TablePress Plugin
CVE-2022-3787
RESERVED
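Review bot: CVE-2022-3788 is switched to `REJECTED` but the old `NOT-FOR-US: TablePress Plugin` triage line beneath it is kept; a rejected id carries no triage, as CVE-2020-20893 further down in this file shows (`REJECTED` with nothing after it), so that leftover line should be dropped on the next manual pass.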
@@ -640,8 +697,8 @@ CVE-2022-3778
RESERVED
CVE-2022-3777
RESERVED
-CVE-2022-3776
- RESERVED
+CVE-2022-3776 (The Restaurant Menu – Food Ordering System – Table Reserva ...)
+ TODO: check
CVE-2022-3775
RESERVED
CVE-2022-3774 (A vulnerability was found in SourceCodester Train Scheduler App 1.0 an ...)
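Review bot: the description of CVE-2022-3776 is cut off at "Table Reserva ...", before the product is fully named, and the identical truncated text appears again for CVE-2022-2696 later in this commit; the two share the same leading text and should be looked up in full and triaged together rather than left as two separate `TODO: check` items.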
@@ -4204,8 +4261,8 @@ CVE-2022-3677
RESERVED
CVE-2022-3676 (In Eclipse Openj9 before version 0.35.0, interface calls can be inline ...)
NOT-FOR-US: Eclipse Openj9
-CVE-2022-3675
- RESERVED
+CVE-2022-3675 (Fedora CoreOS supports setting a GRUB bootloader password using a Buta ...)
+ TODO: check
CVE-2022-3674 (A vulnerability has been found in SourceCodester Sanitization Manageme ...)
NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-3673 (A vulnerability, which was classified as problematic, was found in Sou ...)
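Review bot: CVE-2022-3675 is described in terms of Fedora CoreOS and a GRUB bootloader password, so the `TODO: check` needs to establish whether the weakness is in GRUB itself (relevant to GRUB as packaged here) or only in the Fedora-specific provisioning configuration named in the truncated text; the marker chosen should make that distinction clear.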
@@ -4908,8 +4965,8 @@ CVE-2022-3597 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtif
- tiff 4.4.0-5 (bug #1022555)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/413
-CVE-2021-46846
- RESERVED
+CVE-2021-46846 (Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integ ...)
+ TODO: check
CVE-2020-36607
RESERVED
CVE-2016-20017 (D-Link DSL-2750B devices before 1.05 allow remote unauthenticated comm ...)
@@ -5121,8 +5178,8 @@ CVE-2022-43374
RESERVED
CVE-2022-43373
RESERVED
-CVE-2022-43372
- RESERVED
+CVE-2022-43372 (Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scri ...)
+ TODO: check
CVE-2022-43371
RESERVED
CVE-2022-43370
@@ -5680,24 +5737,24 @@ CVE-2022-43111
RESERVED
CVE-2022-43110
RESERVED
-CVE-2022-43109
- RESERVED
-CVE-2022-43108
- RESERVED
-CVE-2022-43107
- RESERVED
-CVE-2022-43106
- RESERVED
-CVE-2022-43105
- RESERVED
-CVE-2022-43104
- RESERVED
-CVE-2022-43103
- RESERVED
-CVE-2022-43102
- RESERVED
-CVE-2022-43101
- RESERVED
+CVE-2022-43109 (D-Link DIR-823G v1.0.2 was found to contain a command injection vulner ...)
+ TODO: check
+CVE-2022-43108 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-43107 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-43106 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-43105 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-43104 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-43103 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-43102 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-43101 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...)
+ TODO: check
CVE-2022-43100
RESERVED
CVE-2022-43099
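Review bot: CVE-2022-43108 through CVE-2022-43101 carry an identical truncated description (Tenda AC23 V16.03.07.45_cn stack overflow), so the file currently gives no way to tell the eight issues apart; the distinguishing detail lies past the cut-off and must come from the full records. CVE-2022-43109 (D-Link DIR-823G command injection) is the same kind of vendor-firmware report; all nine are left at `TODO: check` and can be triaged in one batch.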
@@ -6786,14 +6843,14 @@ CVE-2022-42755
RESERVED
CVE-2022-42754
RESERVED
-CVE-2022-42753
- RESERVED
+CVE-2022-42753 (SalonERP version 3.0.2 allows an external attacker to steal the cookie ...)
+ TODO: check
CVE-2022-42752
RESERVED
-CVE-2022-42751
- RESERVED
-CVE-2022-42750
- RESERVED
+CVE-2022-42751 (CandidATS version 3.0.0 allows an external attacker to elevate privile ...)
+ TODO: check
+CVE-2022-42750 (CandidATS version 3.0.0 allows an external attacker to steal the cooki ...)
+ TODO: check
CVE-2022-42749
RESERVED
CVE-2022-42748
@@ -9981,8 +10038,8 @@ CVE-2022-41437 (Billing System Project v1.0 was discovered to contain a remote c
NOT-FOR-US: Billing System Project
CVE-2022-41436 (An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to acc ...)
NOT-FOR-US: OXHOO
-CVE-2022-41435
- RESERVED
+CVE-2022-41435 (OpenWRT LuCI version git-22.140.66206-02913be was discovered to contai ...)
+ TODO: check
CVE-2022-41434
RESERVED
CVE-2022-41433
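Review bot: the affected version in CVE-2022-41435 is given as a git snapshot identifier (git-22.140.66206-02913be) rather than a release, so the `TODO: check` should pin down the affected range from the upstream advisory before any version comparison is attempted.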
@@ -10491,8 +10548,8 @@ CVE-2022-3260
RESERVED
CVE-2022-3259
RESERVED
-CVE-2022-3258
- RESERVED
+CVE-2022-3258 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ TODO: check
CVE-2022-3257 (Mattermost version 7.1.x and earlier fails to sufficiently process a s ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-3256 (Use After Free in GitHub repository vim/vim prior to 9.0.0530. ...)
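Review bot: the truncated description of CVE-2022-3258 ("Incorrect Permission Assignment for Critical Resource vulnerability in ...") stops before the product name, so nothing in this hunk identifies what is affected; the `TODO: check` cannot be resolved from the summary alone and needs the full record.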
@@ -14832,8 +14889,8 @@ CVE-2022-39384
RESERVED
CVE-2022-39383
RESERVED
-CVE-2022-39382
- RESERVED
+CVE-2022-39382 (Keystone is a headless CMS for Node.js — built with GraphQL and ...)
+ TODO: check
CVE-2022-39381 (Muhammara is a node module with c/cpp bindings to modify PDF with js f ...)
TODO: check
CVE-2022-39380
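Review bot: CVE-2022-39382 (Keystone headless CMS for Node.js) is the same project as CVE-2022-39322 (@keystone-6/core) a few lines below, which is also still at `TODO: check`; the two should be triaged together and receive matching markers.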
@@ -14844,20 +14901,20 @@ CVE-2022-39378 (Discourse is a platform for community discussion. Under certain
TODO: check
CVE-2022-39377
RESERVED
-CVE-2022-39376
- RESERVED
-CVE-2022-39375
- RESERVED
+CVE-2022-39376 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
+ TODO: check
+CVE-2022-39375 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
+ TODO: check
CVE-2022-39374
RESERVED
-CVE-2022-39373
- RESERVED
-CVE-2022-39372
- RESERVED
-CVE-2022-39371
- RESERVED
-CVE-2022-39370
- RESERVED
+CVE-2022-39373 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
+ TODO: check
+CVE-2022-39372 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
+ TODO: check
+CVE-2022-39371 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
+ TODO: check
+CVE-2022-39370 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
+ TODO: check
CVE-2022-39369 (phpCAS is an authentication library that allows PHP applications to ea ...)
TODO: check
CVE-2022-39368
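Review bot: the six GLPI entries in this hunk (CVE-2022-39376, 39375, 39373, 39372, 39371, 39370) all carry the same truncated boilerplate ("GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...") and so are indistinguishable in this file; the same text appears for CVE-2022-39323, CVE-2022-39277, CVE-2022-39276, CVE-2022-39262 and CVE-2022-39234 in later hunks, making eleven GLPI ids in this commit. They should be triaged as one batch from the full advisories and the chosen marker applied consistently.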
@@ -14954,8 +15011,8 @@ CVE-2022-39325
RESERVED
CVE-2022-39324
RESERVED
-CVE-2022-39323
- RESERVED
+CVE-2022-39323 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
+ TODO: check
CVE-2022-39322 (@keystone-6/core is a core package for Keystone 6, a content managemen ...)
TODO: check
CVE-2022-39321 (GitHub Actions Runner is the application that runs a job from a GitHub ...)
@@ -15070,10 +15127,10 @@ CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board which
NOT-FOR-US: discourse-chat plugin for Discourse
CVE-2022-39278 (Istio is an open platform-independent service mesh that provides traff ...)
NOT-FOR-US: Istio
-CVE-2022-39277
- RESERVED
-CVE-2022-39276
- RESERVED
+CVE-2022-39277 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
+ TODO: check
+CVE-2022-39276 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
+ TODO: check
CVE-2022-39275 (Saleor is a headless, GraphQL commerce platform. In affected versions ...)
NOT-FOR-US: Saleor
CVE-2022-39274 (LoRaMac-node is a reference implementation and documentation of a LoRa ...)
@@ -15106,8 +15163,8 @@ CVE-2022-39264 (nheko is a desktop client for the Matrix communication applicati
NOTE: https://github.com/Nheko-Reborn/nheko/commit/67bee15a389f9b8a9f6c3a340558d1e2319e7199 (v0.10.2)
CVE-2022-39263 (`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for Ne ...)
NOT-FOR-US: next-auth/upstash-redis-adapter
-CVE-2022-39262
- RESERVED
+CVE-2022-39262 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
+ TODO: check
CVE-2022-39261 (Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x ...)
{DSA-5248-1 DLA-3147-1}
- php-twig 3.4.3-1 (bug #1020991)
@@ -15208,8 +15265,8 @@ CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaSc
NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3488
CVE-2022-39235
RESERVED
-CVE-2022-39234
- RESERVED
+CVE-2022-39234 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
+ TODO: check
CVE-2022-39233 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
NOT-FOR-US: Tuleap
CVE-2022-39232 (Discourse is an open source discussion platform. Starting with version ...)
@@ -19140,12 +19197,12 @@ CVE-2022-37931
RESERVED
CVE-2022-37930
RESERVED
-CVE-2022-37929
- RESERVED
-CVE-2022-37928
- RESERVED
-CVE-2022-37927
- RESERVED
+CVE-2022-37929 (Improper Privilege Management vulnerability in Hewlett Packard Enterpr ...)
+ TODO: check
+CVE-2022-37928 (Insufficient Verification of Data Authenticity vulnerability in Hewlet ...)
+ TODO: check
+CVE-2022-37927 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in H ...)
+ TODO: check
CVE-2022-37926
RESERVED
CVE-2022-37925
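Review bot: CVE-2022-37929, CVE-2022-37928 and CVE-2022-37927 are all Hewlett Packard Enterprise issues (privilege management, data authenticity, open redirect) left at `TODO: check`, as is CVE-2021-46846 (HPE cross-site scripting) earlier in this commit; the product name is cut off in every one of the four, so they need the full records and should then be given the same marker.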
@@ -19196,16 +19253,16 @@ CVE-2022-37903
RESERVED
CVE-2022-37902
RESERVED
-CVE-2022-37901
- RESERVED
-CVE-2022-37900
- RESERVED
-CVE-2022-37899
- RESERVED
-CVE-2022-37898
- RESERVED
-CVE-2022-37897
- RESERVED
+CVE-2022-37901 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2022-37900 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2022-37899 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2022-37898 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ TODO: check
+CVE-2022-37897 (There is a command injection vulnerability that could lead to unauthen ...)
+ TODO: check
CVE-2022-37896 (A vulnerability in the Aruba InstantOS and ArubaOS 10 web management i ...)
NOT-FOR-US: Aruba
CVE-2022-37895 (An unauthenticated Denial of Service (DoS) vulnerability exists in the ...)
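Review bot: CVE-2022-37901 through CVE-2022-37898 share one truncated description (authenticated command injection in ArubaOS), while CVE-2022-37897 differs ("could lead to unauthen ..."), so the five are not all the same issue class. The neighbouring CVE-2022-37896 in the context lines is already `NOT-FOR-US: Aruba`; if the full records confirm these are likewise Aruba-only, the same marker applies, otherwise the `TODO: check` stays.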
@@ -20215,8 +20272,8 @@ CVE-2022-2698 (A vulnerability was found in SourceCodester Simple E-Learning Sys
NOT-FOR-US: SourceCodester Simple E-Learning System
CVE-2022-2697 (A vulnerability was found in SourceCodester Simple E-Learning System. ...)
NOT-FOR-US: SourceCodester Simple E-Learning System
-CVE-2022-2696
- RESERVED
+CVE-2022-2696 (The Restaurant Menu – Food Ordering System – Table Reserva ...)
+ TODO: check
CVE-2022-2695 (The Beaver Builder – WordPress Page Builder for WordPress is vul ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2694 (A vulnerability was found in SourceCodester Company Website CMS and cl ...)
@@ -33991,8 +34048,8 @@ CVE-2022-32296 (The Linux kernel before 5.17.9 allows TCP servers to identify cl
- linux 5.17.11-1
[bullseye] - linux 5.10.127-1
NOTE: https://git.kernel.org/linus/4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5 (5.18-rc6)
-CVE-2022-32287
- RESERVED
+CVE-2022-32287 (A relative path traversal vulnerability in a FileUtil class used by th ...)
+ TODO: check
CVE-2022-32286 (A vulnerability has been identified in Mendix SAML Module (Mendix 7 co ...)
NOT-FOR-US: Siemens
CVE-2022-32285 (A vulnerability has been identified in Mendix SAML Module (Mendix 7 co ...)
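Review bot: CVE-2022-32287 is described only as a relative path traversal in a FileUtil class "used by th ...", with the vendor cut off; the surrounding context lines are Siemens/Mendix entries triaged `NOT-FOR-US: Siemens`, but that proximity is just CVE numbering and should not be taken as the vendor, so this one needs the full record before any marker is set.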
@@ -90775,7 +90832,7 @@ CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response inje
[stretch] - exim4 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://nostarttls.secvuln.info
NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt
-CVE-2021-38370 (In Alpine through 2.24, untagged responses from an IMAP server are acc ...)
+CVE-2021-38370 (In Alpine before 2.25, untagged responses from an IMAP server are acce ...)
- alpine 2.25+dfsg1-1 (bug #992171)
[bullseye] - alpine <no-dsa> (Minor issue)
[buster] - alpine <no-dsa> (Minor issue)
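Review bot: the narrowed description for CVE-2021-38370 ("before 2.25" instead of "through 2.24") is consistent with the fixed version alpine 2.25+dfsg1-1 already recorded on the next line and with the bullseye/buster `<no-dsa>` markers, so no further change to the entry is needed.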
@@ -92389,8 +92446,8 @@ CVE-2021-37825
RESERVED
CVE-2021-37824
RESERVED
-CVE-2021-37823
- RESERVED
+CVE-2021-37823 (OpenCart 3.0.3.7 allows users to obtain database information or read s ...)
+ TODO: check
CVE-2021-37822
RESERVED
CVE-2021-37821
@@ -161432,12 +161489,12 @@ CVE-2020-22822
RESERVED
CVE-2020-22821
RESERVED
-CVE-2020-22820
- RESERVED
-CVE-2020-22819
- RESERVED
-CVE-2020-22818
- RESERVED
+CVE-2020-22820 (MKCMS V6.2 has SQL injection via the /ucenter/repass.php name paramete ...)
+ TODO: check
+CVE-2020-22819 (MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parame ...)
+ TODO: check
+CVE-2020-22818 (MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter. ...)
+ TODO: check
CVE-2020-22817
RESERVED
CVE-2020-22816
@@ -163889,7 +163946,7 @@ CVE-2020-21690
CVE-2020-21689
RESERVED
CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
- {DSA-5126-1 DSA-4998-1}
+ {DSA-5126-1 DSA-4998-1 DLA-3010-1}
- ffmpeg 7:4.4-5
NOTE: https://trac.ffmpeg.org/ticket/8186
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1 (4.4)
@@ -165671,14 +165728,14 @@ CVE-2020-20894
CVE-2020-20893
REJECTED
CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/vf_len ...)
- {DSA-5126-1}
+ {DSA-5126-1 DLA-3010-1}
- ffmpeg 7:4.3-2
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01 (4.3)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=439645004bb672a29145621549cb87acdb2f84db (4.1.9)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=94e502e96b0870177e0af4c1e8718ac71475e374 (3.2.17)
NOTE: https://trac.ffmpeg.org/ticket/8265
CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...)
- {DSA-5126-1}
+ {DSA-5126-1 DLA-3010-1}
- ffmpeg 7:4.3-2
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab (4.3)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5cb859665d62658d7859f345650fcb38528c4ab (4.1.9)
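Review bot: DLA-3010-1 is added to the braces reference of CVE-2020-20892 and CVE-2020-20891 here and of CVE-2020-21688 in the previous hunk, with no other change to those entries; the DLA-3010-1 record should be checked to confirm it lists exactly these three ids, since the reference in braces is what ties the entries to that advisory.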
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b5267fa658f57d0cdc6d6401cbf834bcc7806d3
More information about the debian-security-tracker-commits mailing list