[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 4 20:10:32 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a4ed22d4 by security tracker role at 2022-11-04T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2023-21418
+ RESERVED
+CVE-2023-21417
+ RESERVED
+CVE-2023-21416
+ RESERVED
+CVE-2023-21415
+ RESERVED
+CVE-2023-21414
+ RESERVED
+CVE-2023-21413
+ RESERVED
+CVE-2023-21412
+ RESERVED
+CVE-2023-21411
+ RESERVED
+CVE-2023-21410
+ RESERVED
+CVE-2023-21409
+ RESERVED
+CVE-2023-21408
+ RESERVED
+CVE-2023-21407
+ RESERVED
+CVE-2023-21406
+ RESERVED
+CVE-2023-21405
+ RESERVED
+CVE-2023-21404
+ RESERVED
+CVE-2022-44749
+ RESERVED
+CVE-2022-44748
+ RESERVED
+CVE-2022-44731
+ RESERVED
+CVE-2022-44730
+ RESERVED
+CVE-2022-44729
+ RESERVED
+CVE-2022-44728
+ RESERVED
+CVE-2022-44727
+ RESERVED
+CVE-2022-44726
+ RESERVED
+CVE-2022-44725
+ RESERVED
+CVE-2022-44724 (The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Da ...)
+ TODO: check
+CVE-2022-44723
+ RESERVED
+CVE-2022-44722
+ RESERVED
+CVE-2022-44721
+ RESERVED
+CVE-2022-44720
+ RESERVED
+CVE-2022-44719
+ RESERVED
+CVE-2022-44718
+ RESERVED
+CVE-2022-44717
+ RESERVED
+CVE-2022-44716
+ RESERVED
+CVE-2022-44715
+ RESERVED
+CVE-2022-3862
+ RESERVED
+CVE-2022-3861
+ RESERVED
+CVE-2022-3860
+ RESERVED
+CVE-2022-3859
+ RESERVED
+CVE-2022-3858
+ RESERVED
+CVE-2022-3857
+ RESERVED
+CVE-2022-3856
+ RESERVED
CVE-2023-21403
RESERVED
CVE-2023-21402
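Review bot: CVE-2022-44724 is the only entry in this prepended batch that is not a bare RESERVED placeholder, and it is left at TODO: check; the description names a Handy Tip macro from Stiltsoft for Atlassian Confluence Server/Data Center, which is not software shipped in Debian, so it should be resolved to a NOT-FOR-US line in the form the file already uses (`NOT-FOR-US: Stiltsoft Handy Macros for Confluence`) rather than left open. The other entries (CVE-2023-21404 through CVE-2023-21418, CVE-2022-44715 through CVE-2022-44749, CVE-2022-3856 through CVE-2022-3862) are reservations and need nothing until MITRE publishes them.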
@@ -4669,8 +4751,8 @@ CVE-2022-3723 (Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allo
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3722
RESERVED
-CVE-2022-3721
- RESERVED
+CVE-2022-3721 (Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39. ...)
+ TODO: check
CVE-2022-3720
RESERVED
CVE-2022-3719 (A vulnerability has been found in Exiv2 and classified as critical. Th ...)
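Review bot: the TODO: check on CVE-2022-3721 needs an archive lookup before it is resolved: the description ties the code injection to the GitHub repository froxlor/froxlor prior to 0.10.39, and froxlor is not a Debian source package, so the expected resolution is `NOT-FOR-US: froxlor`; if it turns out to be packaged, the entry instead needs a `- froxlor <fixed-version>` line checked against 0.10.39 and a NOTE pointing at the upstream fix.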
@@ -4693,8 +4775,8 @@ CVE-2022-3715
RESERVED
CVE-2022-3714 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Online Medicine Ordering System
-CVE-2022-43945
- RESERVED
+CVE-2022-43945 (The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0 ...)
+ TODO: check
CVE-2022-43944
RESERVED
CVE-2022-43943
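Review bot: CVE-2022-43945 must not be closed the way most TODO: check entries in this commit will be: the description is for the Linux kernel NFSD implementation, which is src:linux in Debian, so it needs a `- linux <version>` fixed-version line (or `<unfixed>` until one lands) plus per-suite annotations, since the kernels in the stable suites are older than the 5.19.17 fix version quoted. The second fix version is cut off at "and 6.0 ..." by the description truncation; take both from the full CVE record and add the upstream commit as a NOTE line, as the file does for ntfs-3g and python-django in this same diff, rather than guessing.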
@@ -7799,12 +7881,10 @@ CVE-2022-42826
CVE-2022-42825 (This issue was addressed by removing additional entitlements. This iss ...)
NOT-FOR-US: Apple
CVE-2022-42824 (A logic issue was addressed with improved state management. This issue ...)
- RESERVED
- webkit2gtk 2.38.2-1
- wpewebkit 2.38.2-1
NOTE: https://webkitgtk.org/security/WSA-2022-0010.html
CVE-2022-42823 (A type confusion issue was addressed with improved memory handling. Th ...)
- RESERVED
- webkit2gtk 2.38.2-1
- wpewebkit 2.38.2-1
NOTE: https://webkitgtk.org/security/WSA-2022-0010.html
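Review bot: dropping the stale RESERVED line under CVE-2022-42824 and CVE-2022-42823 is correct, since both entries already carry a description and `- webkit2gtk 2.38.2-1` / `- wpewebkit 2.38.2-1` fixed versions; a RESERVED marker after a description is a leftover from the automatic import, not a status. Neither entry has a {DSA-...} cross-reference or a [bullseye] line yet, so bullseye stays listed as affected until the corresponding advisory is recorded.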
@@ -7855,7 +7935,6 @@ CVE-2022-42801 (A logic issue was addressed with improved checks. This issue is
CVE-2022-42800 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2022-42799 (The issue was addressed with improved UI handling. This issue is fixed ...)
- RESERVED
- webkit2gtk 2.38.2-1
- wpewebkit 2.38.2-1
NOTE: https://webkitgtk.org/security/WSA-2022-0010.html
@@ -10520,18 +10599,18 @@ CVE-2022-41673
RESERVED
CVE-2022-41672 (In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn' ...)
- airflow <itp> (bug #819700)
-CVE-2022-41671
- RESERVED
-CVE-2022-41670
- RESERVED
-CVE-2022-41669
- RESERVED
-CVE-2022-41668
- RESERVED
-CVE-2022-41667
- RESERVED
-CVE-2022-41666
- RESERVED
+CVE-2022-41671 (A CWE-89: Improper Neutralization of Special Elements used in SQL Comm ...)
+ TODO: check
+CVE-2022-41670 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ TODO: check
+CVE-2022-41669 (A CWE-347: Improper Verification of Cryptographic Signature vulnerabil ...)
+ TODO: check
+CVE-2022-41668 (A CWE-704: Incorrect Project Conversion vulnerability exists that allo ...)
+ TODO: check
+CVE-2022-41667 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ TODO: check
+CVE-2022-41666 (A CWE-347: Improper Verification of Cryptographic Signature vulnerabil ...)
+ TODO: check
CVE-2022-41665 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
NOT-FOR-US: Siemens
CVE-2022-41664
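Review bot: the six entries CVE-2022-41666 through CVE-2022-41671 share the "A CWE-NNN: ..." description prefix and the same CWE classes (22 and 347 appear twice each), which marks them as one vendor advisory batch; resolve their TODO: check lines together and keep the resolution consistent across all six instead of triaging them one at a time in later commits.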
@@ -10736,8 +10815,8 @@ CVE-2022-3342
RESERVED
CVE-2022-3341
RESERVED
-CVE-2022-3340
- RESERVED
+CVE-2022-3340 (XML External Entity (XXE) vulnerability in Trellix IPS Manager prior t ...)
+ TODO: check
CVE-2022-3339 (A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5 ...)
NOT-FOR-US: Trellix ePolicy Orchestrator
CVE-2022-3338 (An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update ...)
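Review bot: CVE-2022-3340 should be resolved to `NOT-FOR-US: Trellix IPS Manager`, matching the two adjacent Trellix entries (CVE-2022-3339 and CVE-2022-3338) that are already NOT-FOR-US; the product is a commercial appliance and there is nothing in the archive to track it against.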
@@ -13950,6 +14029,7 @@ CVE-2022-40285
RESERVED
CVE-2022-40284
RESERVED
+ {DSA-5270-1}
- ntfs-3g 1:2022.10.3-1
NOTE: https://www.openwall.com/lists/oss-security/2022/10/31/2
NOTE: https://github.com/tuxera/ntfs-3g/commit/18bfc676119a1188e8135287b8327b0760ba44a1 (2022.10.3)
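Review bot: the {DSA-5270-1} cross-reference on CVE-2022-40284 is placed correctly, directly after the status line and before the `- ntfs-3g 1:2022.10.3-1` package line, which is the ordering used on CVE-2022-28346 in this same diff. The entry keeps RESERVED only because MITRE has not published the record yet; the oss-security and upstream commit NOTE lines are what document the fix in the meantime.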
@@ -13994,8 +14074,8 @@ CVE-2022-40265
RESERVED
CVE-2022-40264
RESERVED
-CVE-2022-40263
- RESERVED
+CVE-2022-40263 (BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcode ...)
+ TODO: check
CVE-2022-40262 (A potential attacker can execute an arbitrary code at the time of the ...)
NOT-FOR-US: AMI
CVE-2022-40261 (An attacker can exploit this vulnerability to elevate privileges from ...)
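Review bot: CVE-2022-40263 (BD Totalys MultiProcessor, hardcoded credentials) is device firmware with no Debian package behind it; resolve to `NOT-FOR-US: BD Totalys MultiProcessor`, consistent with the two AMI entries immediately below it that are already NOT-FOR-US.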
@@ -15998,8 +16078,8 @@ CVE-2022-39389
RESERVED
CVE-2022-39388
RESERVED
-CVE-2022-39387
- RESERVED
+CVE-2022-39387 (XWiki OIDC has various tools to manipulate OpenID Connect protocol in ...)
+ TODO: check
CVE-2022-39386
RESERVED
CVE-2022-39385
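Review bot: CVE-2022-39387 concerns the XWiki OIDC (OpenID Connect) extension; XWiki is not packaged in Debian, so the TODO: check should become `NOT-FOR-US: XWiki OIDC`.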
@@ -17617,8 +17697,8 @@ CVE-2022-3025 (The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does
NOT-FOR-US: WordPress plugin
CVE-2022-3024 (The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not hav ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3023
- RESERVED
+CVE-2022-3023 (Use of Externally-Controlled Format String in GitHub repository pingca ...)
+ TODO: check
CVE-2022-3022
REJECTED
CVE-2022-3021 (The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and ...)
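Review bot: the repository name in the CVE-2022-3023 description is cut off at "pingca ..." by the tracker's description truncation, so the TODO: check cannot be resolved from this line alone; fetch the full CVE record for the GitHub repository and fixed version before choosing between NOT-FOR-US and a package entry, and do not complete the name from the fragment.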
@@ -18369,8 +18449,8 @@ CVE-2022-38584
RESERVED
CVE-2022-38583
RESERVED
-CVE-2022-38582
- RESERVED
+CVE-2022-38582 (Incorrect access control in the anti-virus driver wsdkd.sys of Watchdo ...)
+ TODO: check
CVE-2022-38581
RESERVED
CVE-2022-38580 (Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery ...)
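Review bot: CVE-2022-38582 describes an access-control flaw in a Windows kernel driver (wsdkd.sys, an anti-virus driver); there is no Debian package for it, so resolve to a `NOT-FOR-US:` line. The vendor name is truncated at "Watchdo ..." in the description, so take the product name for the NOT-FOR-US line from the full record.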
@@ -20342,8 +20422,8 @@ CVE-2022-37932
RESERVED
CVE-2022-37931
RESERVED
-CVE-2022-37930
- RESERVED
+CVE-2022-37930 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
+ TODO: check
CVE-2022-37929 (Improper Privilege Management vulnerability in Hewlett Packard Enterpr ...)
TODO: check
CVE-2022-37928 (Insufficient Verification of Data Authenticity vulnerability in Hewlet ...)
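Review bot: CVE-2022-37930 should be resolved together with CVE-2022-37929 and CVE-2022-37928 directly below it, which are still TODO: check from an earlier import; all three are Hewlett Packard Enterprise (Nimble Storage) appliance issues and should become `NOT-FOR-US: HPE` entries in one pass.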
@@ -31824,8 +31904,8 @@ CVE-2022-33686 (Exposure of Sensitive Information in GsmAlarmManager prior to SM
NOT-FOR-US: Samsung
CVE-2022-33685 (Unprotected dynamic receiver in Wearable Manager Service prior to SMR ...)
NOT-FOR-US: Samsung
-CVE-2022-33684
- RESERVED
+CVE-2022-33684 (The Apache Pulsar C++ Client does not verify peer TLS certificates whe ...)
+ TODO: check
CVE-2022-33683 (Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Clie ...)
NOT-FOR-US: Apache Pulsar
CVE-2022-33682 (TLS hostname verification cannot be enabled in the Pulsar Broker's Jav ...)
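Review bot: CVE-2022-33684 (the Apache Pulsar C++ client does not verify peer TLS certificates) should be resolved like its neighbours CVE-2022-33683 and CVE-2022-33682, which are `NOT-FOR-US: Apache Pulsar`; Pulsar is not in the archive. For anyone reading the batch, it is the client-side counterpart of the broker-side hostname verification problem in CVE-2022-33682: a TLS connection that is encrypted but not authenticated.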
@@ -33534,6 +33614,7 @@ CVE-2022-32925 (An out-of-bounds write issue was addressed with improved bounds
CVE-2022-32924 (The issue was addressed with improved memory handling. This issue is f ...)
TODO: check
CVE-2022-32923 (A correctness issue in the JIT was addressed with improved checks. Thi ...)
+ {DSA-5241-1 DSA-5240-1}
TODO: check
CVE-2022-32922 (A use after free issue was addressed with improved memory management. ...)
TODO: check
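Review bot: adding {DSA-5241-1 DSA-5240-1} to CVE-2022-32923 while leaving the entry at TODO: check with no package lines is inconsistent: a DSA cross-reference asserts the issue was fixed in stable, but without `- webkit2gtk <version>` and `- wpewebkit <version>` lines (the pair recorded on CVE-2022-42824 earlier in this diff) the tracker has nothing to attach the fix to. Resolve the TODO and add the two package lines in the same change as the DSA reference.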
@@ -33613,6 +33694,7 @@ CVE-2022-32890 (A logic issue was addressed with improved checks. This issue is
CVE-2022-32889 (The issue was addressed with improved memory handling. This issue is f ...)
TODO: check
CVE-2022-32888 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ {DSA-5241-1 DSA-5240-1}
TODO: check
CVE-2022-32887 (The issue was addressed with improved memory handling. This issue is f ...)
TODO: check
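Review bot: CVE-2022-32888 has the same inconsistency as CVE-2022-32923 in this diff: it gains {DSA-5241-1 DSA-5240-1} but still reads TODO: check and has no webkit2gtk/wpewebkit package lines; the DSA reference should not land ahead of the package entries it is supposed to cover.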
@@ -36995,8 +37077,8 @@ CVE-2022-31693
RESERVED
CVE-2022-31692 (Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 co ...)
TODO: check
-CVE-2022-31691
- RESERVED
+CVE-2022-31691 (Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode ...)
+ TODO: check
CVE-2022-31690 (Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, ...)
TODO: check
CVE-2022-31689
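Review bot: CVE-2022-31691 is about the Spring Tools 4 IDE plugins for Eclipse and VSCode, which are not shipped in Debian; resolve to `NOT-FOR-US: Spring Tools 4`. The two Spring Security entries around it (CVE-2022-31692 and CVE-2022-31690) are a different product still at TODO: check from a previous import and should be triaged on their own, not folded into this one.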
@@ -46862,7 +46944,7 @@ CVE-2022-28347 (A SQL injection issue was discovered in QuerySet.explain() in Dj
NOTE: https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d (3.2.13)
NOTE: https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5 (2.2.28)
CVE-2022-28346 (An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13 ...)
- {DSA-5254-1 DLA-2982-1}
+ {DSA-5254-1 DLA-3177-1 DLA-2982-1}
- python-django 2:3.2.13-1 (bug #1009677)
NOTE: https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
NOTE: https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200 (main)
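Review bot: the new DLA-3177-1 cross-reference on CVE-2022-28346 is consistent with the same DLA being added to CVE-2021-45116 and CVE-2021-45115 further down this diff, so the buster update is recorded against all three Django issues it covers; nothing further needed here.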
@@ -48407,10 +48489,10 @@ CVE-2022-27896
RESERVED
CVE-2022-27895
RESERVED
-CVE-2022-27894
- RESERVED
-CVE-2022-27893
- RESERVED
+CVE-2022-27894 (The Foundry Blobster service was found to have a cross-site scripting ...)
+ TODO: check
+CVE-2022-27893 (The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - ...)
+ TODO: check
CVE-2022-27892
RESERVED
CVE-2022-27891
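Review bot: CVE-2022-27894 and CVE-2022-27893 are both Palantir Foundry issues (the Blobster service and the Magritte osisoft-pi-web-connector plugin); Foundry is a hosted commercial platform, not anything in the archive, so both TODO: check lines should become `NOT-FOR-US: Palantir Foundry`.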
@@ -69966,6 +70048,7 @@ CVE-2021-45118
CVE-2021-45117 (The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not hand ...)
NOT-FOR-US: OPCFoundation/UA-Nodeset
CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
+ {DLA-3177-1}
- python-django 2:3.2.11-1 (bug #1003113)
[bullseye] - python-django 2:2.2.26-1~deb11u1
[stretch] - python-django <postponed> (Minor issue; fix in next update)
@@ -69973,6 +70056,7 @@ CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before
NOTE: https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16 (3.2.11)
NOTE: https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a (2.2.26)
CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
+ {DLA-3177-1}
- python-django 2:3.2.11-1 (bug #1003113)
[bullseye] - python-django 2:2.2.26-1~deb11u1
[stretch] - python-django <postponed> (Minor issue; fix in next update)
@@ -77614,8 +77698,8 @@ CVE-2022-20971
RESERVED
CVE-2022-20970
RESERVED
-CVE-2022-20969
- RESERVED
+CVE-2022-20969 (A vulnerability in multiple management dashboard pages of Cisco Umbrel ...)
+ TODO: check
CVE-2022-20968
RESERVED
CVE-2022-20967
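Review bot: CVE-2022-20969 is the first of a run of Cisco entries in this commit (Umbrella, Identity Services Engine, AsyncOS / Email Security Appliance, BroadWorks, TelePresence) that all came in as TODO: check; the surrounding Cisco entries that were already triaged (CVE-2022-20944, CVE-2022-20869, CVE-2022-20866, CVE-2022-20773 in the following hunks) are `NOT-FOR-US: Cisco`, and that is the right resolution for each of these as well, since none of the named products is a Debian package. Resolve them in one pass rather than leaving a dozen open TODOs.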
@@ -77626,22 +77710,22 @@ CVE-2022-20965
RESERVED
CVE-2022-20964
RESERVED
-CVE-2022-20963
- RESERVED
-CVE-2022-20962
- RESERVED
-CVE-2022-20961
- RESERVED
-CVE-2022-20960
- RESERVED
+CVE-2022-20963 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
+CVE-2022-20962 (A vulnerability in the Localdisk Management feature of Cisco Identity ...)
+ TODO: check
+CVE-2022-20961 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
+CVE-2022-20960 (A vulnerability in Cisco AsyncOS Software for Cisco Email Security App ...)
+ TODO: check
CVE-2022-20959 (A vulnerability in the External RESTful Services (ERS) API of Cisco Id ...)
TODO: check
-CVE-2022-20958
- RESERVED
+CVE-2022-20958 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
+ TODO: check
CVE-2022-20957
RESERVED
-CVE-2022-20956
- RESERVED
+CVE-2022-20956 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
CVE-2022-20955 (Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint ...)
TODO: check
CVE-2022-20954 (Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint ...)
@@ -77650,8 +77734,8 @@ CVE-2022-20953 (Multiple vulnerabilities in Cisco TelePresence Collaboration End
TODO: check
CVE-2022-20952
RESERVED
-CVE-2022-20951
- RESERVED
+CVE-2022-20951 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
+ TODO: check
CVE-2022-20950
RESERVED
CVE-2022-20949
@@ -77668,8 +77752,8 @@ CVE-2022-20944 (A vulnerability in the software image verification functionality
NOT-FOR-US: Cisco
CVE-2022-20943
RESERVED
-CVE-2022-20942
- RESERVED
+CVE-2022-20942 (A vulnerability in the web-based management interface of Cisco Email S ...)
+ TODO: check
CVE-2022-20941
RESERVED
CVE-2022-20940
@@ -77678,8 +77762,8 @@ CVE-2022-20939
RESERVED
CVE-2022-20938
RESERVED
-CVE-2022-20937
- RESERVED
+CVE-2022-20937 (A vulnerability in a feature that monitors RADIUS requests on Cisco Id ...)
+ TODO: check
CVE-2022-20936
RESERVED
CVE-2022-20935
@@ -77816,10 +77900,10 @@ CVE-2022-20870 (A vulnerability in the egress MPLS packet processing function of
NOT-FOR-US: Cisco
CVE-2022-20869 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
NOT-FOR-US: Cisco
-CVE-2022-20868
- RESERVED
-CVE-2022-20867
- RESERVED
+CVE-2022-20868 (A vulnerability in the web-based management interface of Cisco Email S ...)
+ TODO: check
+CVE-2022-20867 (A vulnerability in web-based management interface of the of Cisco Emai ...)
+ TODO: check
CVE-2022-20866 (A vulnerability in the handling of RSA keys on devices running Cisco A ...)
NOT-FOR-US: Cisco
CVE-2022-20865 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
@@ -78022,8 +78106,8 @@ CVE-2022-20774 (A vulnerability in the web-based management interface of Cisco I
NOT-FOR-US: Cisco
CVE-2022-20773 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...)
NOT-FOR-US: Cisco
-CVE-2022-20772
- RESERVED
+CVE-2022-20772 (A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secu ...)
+ TODO: check
CVE-2022-20771 (On April 20, 2022, the following vulnerability in the ClamAV scanning ...)
{DLA-3042-1}
- clamav 0.103.6+dfsg-1
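Review bot: CVE-2022-20772 sits directly above CVE-2022-20771, which is a ClamAV issue tracked in Debian (`- clamav 0.103.6+dfsg-1`, {DLA-3042-1}); do not let the adjacency pull the new entry into the clamav triage. The CVE-2022-20772 description is about the Cisco Email Security Appliance / Secure Email product itself, so it belongs with the other Cisco entries as `NOT-FOR-US: Cisco`.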
@@ -83914,11 +83998,11 @@ CVE-2021-41578 (mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal a
CVE-2021-41577
RESERVED
CVE-2021-41576
- RESERVED
+ REJECTED
CVE-2021-41575
- RESERVED
+ REJECTED
CVE-2021-41574
- RESERVED
+ REJECTED
CVE-2021-41573 (Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows info ...)
NOT-FOR-US: Hitachi
CVE-2021-3827 (A flaw was found in keycloak, where the default ECP binding flow allow ...)
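Review bot: flipping CVE-2021-41574, CVE-2021-41575 and CVE-2021-41576 from RESERVED to REJECTED correctly mirrors MITRE withdrawing the identifiers; REJECTED entries need no package or suite annotations and can be skipped in triage.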
@@ -89210,8 +89294,8 @@ CVE-2021-39475
RESERVED
CVE-2021-39474 (Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported a ...)
NOT-FOR-US: Docsis UBC1319BA00 Router
-CVE-2021-39473
- RESERVED
+CVE-2021-39473 (Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) ...)
+ TODO: check
CVE-2021-39472
RESERVED
CVE-2021-39471
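Review bot: CVE-2021-39473 (Saibamen HotelManager v1.2 XSS) is a small third-party application with no Debian package; resolve to `NOT-FOR-US: Saibamen HotelManager`, matching the router entry CVE-2021-39474 above it that is already NOT-FOR-US.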
@@ -89292,8 +89376,8 @@ CVE-2021-39434
RESERVED
CVE-2021-39433 (A local file inclusion (LFI) vulnerability exists in version BIQS IT B ...)
NOT-FOR-US: BIQS IT Biqs-drive
-CVE-2021-39432
- RESERVED
+CVE-2021-39432 (diplib v3.0.0 is vulnerable to Double Free. ...)
+ TODO: check
CVE-2021-39431
RESERVED
CVE-2021-39430
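Review bot: CVE-2021-39432 (diplib v3.0.0 double free) needs an archive check before resolution: if diplib is not packaged in Debian the TODO: check becomes `NOT-FOR-US: diplib`; if it is, a double free in a library is the kind of bug that warrants a `- diplib <version>` entry and a NOTE with the upstream fix, not a TODO left open.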
@@ -101105,7 +101189,7 @@ CVE-2021-34687 (iDrive RemotePC before 7.6.48 on Windows allows information disc
CVE-2021-3601
REJECTED
CVE-2021-34686
- RESERVED
+ REJECTED
CVE-2021-34685 (UploadService in Hitachi Vantara Pentaho Business Analytics through 9. ...)
NOT-FOR-US: Hitachi
CVE-2021-34684 (Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unaut ...)
@@ -102557,8 +102641,8 @@ CVE-2021-34057
RESERVED
CVE-2021-34056
RESERVED
-CVE-2021-34055
- RESERVED
+CVE-2021-34055 (jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put ...)
+ TODO: check
CVE-2021-34054
RESERVED
CVE-2021-34053
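Review bot: CVE-2021-34055 is a real Debian triage item, not a NOT-FOR-US candidate: jhead is a Debian source package, and the description places a buffer overflow in exif.c (the function name is truncated after "Put"; take it from the full record rather than guessing). The entry should get a `- jhead <fixed-version>` line or `<unfixed>`, a NOTE with the upstream issue or commit, and per-suite annotations, following the form used for ntfs-3g and python-django elsewhere in this diff.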
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4ed22d47f225d6e060aaeac013e5b5d6742a527