[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 9 08:10:23 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
de61d2a7 by security tracker role at 2022-11-09T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2022-45063
+ RESERVED
+CVE-2022-45062 (In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there i ...)
+ TODO: check
+CVE-2022-45061 (An issue was discovered in Python before 3.11.1. An unnecessary quadra ...)
+ TODO: check
+CVE-2022-45060 (An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and ...)
+ TODO: check
+CVE-2022-45059 (An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x be ...)
+ TODO: check
+CVE-2022-3908
+ RESERVED
+CVE-2022-3907
+ RESERVED
+CVE-2022-3906
+ RESERVED
+CVE-2022-3905
+ RESERVED
+CVE-2022-3904
+ RESERVED
+CVE-2022-3903
+ RESERVED
+CVE-2022-3902
+ RESERVED
+CVE-2022-3901
+ RESERVED
+CVE-2022-3900
+ RESERVED
CVE-2022-45058
RESERVED
CVE-2022-45057
@@ -44,28 +72,22 @@ CVE-2022-3891
RESERVED
CVE-2022-45045
RESERVED
-CVE-2022-3890
- RESERVED
+CVE-2022-3890 (Heap buffer overflow in Crashpad in Google Chrome on Android prior to ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3889
- RESERVED
+CVE-2022-3889 (Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3888
- RESERVED
+CVE-2022-3888 (Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 a ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3887
- RESERVED
+CVE-2022-3887 (Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3886
- RESERVED
+CVE-2022-3886 (Use after free in Speech Recognition in Google Chrome prior to 107.0.5 ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3885
- RESERVED
+CVE-2022-3885 (Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3884
@@ -2134,8 +2156,8 @@ CVE-2022-3823
RESERVED
CVE-2022-3822
RESERVED
-CVE-2022-3821
- RESERVED
+CVE-2022-3821 (An off-by-one Error issue was discovered in Systemd in format_timespan ...)
+ TODO: check
CVE-2022-3820
RESERVED
CVE-2022-3819
@@ -7629,8 +7651,8 @@ CVE-2022-43146
RESERVED
CVE-2022-43145
RESERVED
-CVE-2022-43144
- RESERVED
+CVE-2022-43144 (A cross-site scripting (XSS) vulnerability in Canteen Management Syste ...)
+ TODO: check
CVE-2022-43143
RESERVED
CVE-2022-43142
@@ -12530,12 +12552,12 @@ CVE-2022-41262
RESERVED
CVE-2022-41261
RESERVED
-CVE-2022-41260
- RESERVED
-CVE-2022-41259
- RESERVED
-CVE-2022-41258
- RESERVED
+CVE-2022-41260 (SAP Financial Consolidation - version 1010, does not sufficiently enco ...)
+ TODO: check
+CVE-2022-41259 (SAP SQL Anywhere - version 17.0, allows an authenticated attacker to p ...)
+ TODO: check
+CVE-2022-41258 (Due to insufficient input validation, SAP Financial Consolidation - ve ...)
+ TODO: check
CVE-2022-41257
RESERVED
CVE-2022-41256
@@ -12645,32 +12667,32 @@ CVE-2022-41217
RESERVED
CVE-2022-41216
RESERVED
-CVE-2022-41215
- RESERVED
-CVE-2022-41214
- RESERVED
+CVE-2022-41215 (SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated ...)
+ TODO: check
+CVE-2022-41214 (Due to insufficient input validation, SAP NetWeaver Application Server ...)
+ TODO: check
CVE-2022-41213
RESERVED
-CVE-2022-41212
- RESERVED
-CVE-2022-41211
- RESERVED
+CVE-2022-41212 (Due to insufficient input validation, SAP NetWeaver Application Server ...)
+ TODO: check
+CVE-2022-41211 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ TODO: check
CVE-2022-41210 (SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, ...)
NOT-FOR-US: SAP
CVE-2022-41209 (SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, ...)
NOT-FOR-US: SAP
-CVE-2022-41208
- RESERVED
-CVE-2022-41207
- RESERVED
+CVE-2022-41208 (Due to insufficient input validation, SAP Financial Consolidation - ve ...)
+ TODO: check
+CVE-2022-41207 (SAP Biller Direct allows an unauthenticated attacker to craft a legiti ...)
+ TODO: check
CVE-2022-41206 (SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) ...)
NOT-FOR-US: SAP
-CVE-2022-41205
- RESERVED
+CVE-2022-41205 (SAP GUI allows an authenticated attacker to execute scripts in the loc ...)
+ TODO: check
CVE-2022-41204 (An attacker can change the content of an SAP Commerce - versions 1905, ...)
NOT-FOR-US: SAP
-CVE-2022-41203
- RESERVED
+CVE-2022-41203 (In some workflow of SAP BusinessObjects BI Platform (Central Managemen ...)
+ TODO: check
CVE-2022-41202 (Due to lack of proper memory management, when a victim opens a manipul ...)
NOT-FOR-US: SAP
CVE-2022-41201 (Due to lack of proper memory management, when a victim opens a manipul ...)
@@ -13563,8 +13585,8 @@ CVE-2022-40799
RESERVED
CVE-2022-40798 (OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a req ...)
NOT-FOR-US: OcoMon
-CVE-2022-40797
- RESERVED
+CVE-2022-40797 (Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, be ...)
+ TODO: check
CVE-2022-40796
RESERVED
CVE-2022-40795
@@ -16884,16 +16906,16 @@ CVE-2022-39392
RESERVED
CVE-2022-39391
RESERVED
-CVE-2022-39390
- RESERVED
+CVE-2022-39390 (Octocat.js is a library used to render a set of options into an SVG. V ...)
+ TODO: check
CVE-2022-39389
RESERVED
CVE-2022-39388
RESERVED
CVE-2022-39387 (XWiki OIDC has various tools to manipulate OpenID Connect protocol in ...)
NOT-FOR-US: XWiki
-CVE-2022-39386
- RESERVED
+CVE-2022-39386 (@fastify/websocket provides WebSocket support for Fastify. Any applica ...)
+ TODO: check
CVE-2022-39385
RESERVED
CVE-2022-39384 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
@@ -16910,8 +16932,8 @@ CVE-2022-39379 (Fluentd collects events from various data sources and writes the
- fluentd <itp> (bug #926692)
CVE-2022-39378 (Discourse is a platform for community discussion. Under certain condit ...)
NOT-FOR-US: Discourse
-CVE-2022-39377
- RESERVED
+CVE-2022-39377 (sysstat is a set of system performance tools for the Linux operating s ...)
+ TODO: check
CVE-2022-39376 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6rh5-m5g7-327w
@@ -17026,8 +17048,8 @@ CVE-2022-39330 (Nextcloud Server is the file server software for Nextcloud, a se
- nextcloud-server <itp> (bug #941708)
CVE-2022-39329 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
- nextcloud-server <itp> (bug #941708)
-CVE-2022-39328
- RESERVED
+CVE-2022-39328 (Grafana is an open-source platform for monitoring and observability. V ...)
+ TODO: check
CVE-2022-39327 (Azure CLI is the command-line interface for Microsoft Azure. In versio ...)
- azure-cli 2.40.0-1
NOTE: https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4
@@ -21937,7 +21959,7 @@ CVE-2022-37618
RESERVED
CVE-2022-37617 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
NOT-FOR-US: Node browserify-shim
-CVE-2022-37616 (A prototype pollution vulnerability exists in the function copy in dom ...)
+CVE-2022-37616 (** DISPUTED ** A prototype pollution vulnerability exists in the funct ...)
{DLA-3154-1}
- node-xmldom 0.8.3-1 (bug #1021618)
[bullseye] - node-xmldom <no-dsa> (Minor issue)
@@ -23673,8 +23695,8 @@ CVE-2022-37017
RESERVED
CVE-2022-37016
RESERVED
-CVE-2022-37015
- RESERVED
+CVE-2022-37015 (Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4. ...)
+ TODO: check
CVE-2022-37014
RESERVED
CVE-2022-2572 (In affected versions of Octopus Server where access is managed by an e ...)
@@ -29490,14 +29512,14 @@ CVE-2022-34827
RESERVED
CVE-2022-34826 (In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passp ...)
NOT-FOR-US: Couchbase Server
-CVE-2022-34825
- RESERVED
-CVE-2022-34824
- RESERVED
-CVE-2022-34823
- RESERVED
-CVE-2022-34822
- RESERVED
+CVE-2022-34825 (Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and e ...)
+ TODO: check
+CVE-2022-34824 (Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for ...)
+ TODO: check
+CVE-2022-34823 (Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earl ...)
+ TODO: check
+CVE-2022-34822 (Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earli ...)
+ TODO: check
CVE-2022-2259
RESERVED
CVE-2022-2258
@@ -33478,10 +33500,10 @@ CVE-2022-33324
RESERVED
CVE-2022-33323
RESERVED
-CVE-2022-33322
- RESERVED
-CVE-2022-33321
- RESERVED
+CVE-2022-33322 (Cross-site scripting vulnerability in Mitsubishi Electric consumer ele ...)
+ TODO: check
+CVE-2022-33321 (Cleartext Transmission of Sensitive Information vulnerability due to t ...)
+ TODO: check
CVE-2022-33320 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...)
NOT-FOR-US: ICONICS
CVE-2022-33319 (Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 ...)
@@ -35139,42 +35161,42 @@ CVE-2022-32620
RESERVED
CVE-2022-32619
RESERVED
-CVE-2022-32618
- RESERVED
-CVE-2022-32617
- RESERVED
-CVE-2022-32616
- RESERVED
-CVE-2022-32615
- RESERVED
-CVE-2022-32614
- RESERVED
-CVE-2022-32613
- RESERVED
-CVE-2022-32612
- RESERVED
-CVE-2022-32611
- RESERVED
-CVE-2022-32610
- RESERVED
-CVE-2022-32609
- RESERVED
-CVE-2022-32608
- RESERVED
-CVE-2022-32607
- RESERVED
+CVE-2022-32618 (In typec, there is a possible out of bounds write due to an incorrect ...)
+ TODO: check
+CVE-2022-32617 (In typec, there is a possible out of bounds write due to an incorrect ...)
+ TODO: check
+CVE-2022-32616 (In isp, there is a possible out of bounds write due to uninitialized d ...)
+ TODO: check
+CVE-2022-32615 (In ccd, there is a possible out of bounds write due to uninitialized d ...)
+ TODO: check
+CVE-2022-32614 (In audio, there is a possible memory corruption due to a logic error. ...)
+ TODO: check
+CVE-2022-32613 (In vcu, there is a possible memory corruption due to a race condition. ...)
+ TODO: check
+CVE-2022-32612 (In vcu, there is a possible use after free due to a race condition. Th ...)
+ TODO: check
+CVE-2022-32611 (In isp, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2022-32610 (In vcu, there is a possible use after free due to a race condition. Th ...)
+ TODO: check
+CVE-2022-32609 (In vcu, there is a possible use after free due to a race condition. Th ...)
+ TODO: check
+CVE-2022-32608 (In jpeg, there is a possible use after free due to a race condition. T ...)
+ TODO: check
+CVE-2022-32607 (In aee, there is a possible use after free due to a missing bounds che ...)
+ TODO: check
CVE-2022-32606
RESERVED
-CVE-2022-32605
- RESERVED
+CVE-2022-32605 (In isp, there is a possible out of bounds write due to an incorrect bo ...)
+ TODO: check
CVE-2022-32604
RESERVED
-CVE-2022-32603
- RESERVED
-CVE-2022-32602
- RESERVED
-CVE-2022-32601
- RESERVED
+CVE-2022-32603 (In gpu drm, there is a possible out of bounds write due to improper in ...)
+ TODO: check
+CVE-2022-32602 (In keyinstall, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2022-32601 (In telephony, there is a possible permission bypass due to a parcel fo ...)
+ TODO: check
CVE-2022-32600
RESERVED
CVE-2022-32599
@@ -41604,8 +41626,8 @@ CVE-2022-30517 (Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). ...)
NOT-FOR-US: Mogu
CVE-2022-30516 (In Hospital-Management-System v1.0, the editid parameter in the doctor ...)
NOT-FOR-US: Hospital-Management-System
-CVE-2022-30515
- RESERVED
+CVE-2022-30515 (ZKTeco BioTime 8.5.4 is missing authentication on folders containing e ...)
+ TODO: check
CVE-2022-30514 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...)
NOT-FOR-US: School Dormitory Management System
CVE-2022-30513 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...)
@@ -50330,20 +50352,20 @@ CVE-2022-27518
RESERVED
CVE-2022-27517
RESERVED
-CVE-2022-27516
- RESERVED
+CVE-2022-27516 (User login brute force protection functionality bypass ...)
+ TODO: check
CVE-2022-27515
RESERVED
CVE-2022-27514
RESERVED
-CVE-2022-27513
- RESERVED
+CVE-2022-27513 (Remote desktop takeover via phishing ...)
+ TODO: check
CVE-2022-27512 (Temporary disruption of the ADM license service. The impact of this in ...)
NOT-FOR-US: Citrix
CVE-2022-27511 (Corruption of the system by a remote, unauthenticated user. The impact ...)
NOT-FOR-US: Citrix
-CVE-2022-27510
- RESERVED
+CVE-2022-27510 (Unauthorized access to Gateway user capabilities ...)
+ TODO: check
CVE-2022-27509 (Unauthenticated redirection to a malicious website ...)
NOT-FOR-US: Citrix
CVE-2022-27508
@@ -53374,8 +53396,8 @@ CVE-2022-26448 (In apusys, there is a possible out of bounds write due to a miss
NOT-FOR-US: Mediatek
CVE-2022-26447 (In BT firmware, there is a possible out of bounds write due to a missi ...)
NOT-FOR-US: Mediatek
-CVE-2022-26446
- RESERVED
+CVE-2022-26446 (In Modem 4G RRC, there is a possible system crash due to improper inpu ...)
+ TODO: check
CVE-2022-26445 (In wifi driver, there is a possible out of bounds write due to a missi ...)
NOT-FOR-US: MediaTek
CVE-2022-26444 (In wifi driver, there is a possible out of bounds write due to a missi ...)
@@ -74019,8 +74041,8 @@ CVE-2022-21780 (In WLAN driver, there is a possible out of bounds write due to a
NOT-FOR-US: MediaTek driver for Android
CVE-2022-21779 (In WLAN driver, there is a possible out of bounds write due to a missi ...)
NOT-FOR-US: MediaTek driver for Android
-CVE-2022-21778
- RESERVED
+CVE-2022-21778 (In vpu, there is a possible information disclosure due to an incorrect ...)
+ TODO: check
CVE-2022-21777 (In Autoboot, there is a possible permission bypass due to a missing pe ...)
NOT-FOR-US: MediaTek driver for Android
CVE-2022-21776 (In MDP, there is a possible use after free due to a race condition. Th ...)
@@ -81388,14 +81410,14 @@ CVE-2022-20467
RESERVED
CVE-2022-20466
RESERVED
-CVE-2022-20465
- RESERVED
+CVE-2022-20465 (In dismiss and related functions of KeyguardHostViewController.java an ...)
+ TODO: check
CVE-2022-20464 (In various functions of ap_input_processor.c, there is a possible way ...)
NOT-FOR-US: Android
-CVE-2022-20463
- RESERVED
-CVE-2022-20462
- RESERVED
+CVE-2022-20463 (In factoryReset of WifiServiceImpl, there is a possible way to preserv ...)
+ TODO: check
+CVE-2022-20462 (In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible o ...)
+ TODO: check
CVE-2022-20461
RESERVED
CVE-2022-20460
@@ -81404,40 +81426,40 @@ CVE-2022-20459
RESERVED
CVE-2022-20458
RESERVED
-CVE-2022-20457
- RESERVED
+CVE-2022-20457 (In getMountModeInternal of StorageManagerService.java, there is a poss ...)
+ TODO: check
CVE-2022-20456
RESERVED
CVE-2022-20455
RESERVED
-CVE-2022-20454
- RESERVED
-CVE-2022-20453
- RESERVED
-CVE-2022-20452
- RESERVED
-CVE-2022-20451
- RESERVED
-CVE-2022-20450
- RESERVED
+CVE-2022-20454 (In fdt_next_tag of fdt.c, there is a possible out of bounds write due ...)
+ TODO: check
+CVE-2022-20453 (In update of MmsProvider.java, there is a possible constriction of dir ...)
+ TODO: check
+CVE-2022-20452 (In initializeFromParcelLocked of BaseBundle.java, there is a possible ...)
+ TODO: check
+CVE-2022-20451 (In onCallRedirectionComplete of CallsManager.java, there is a possible ...)
+ TODO: check
+CVE-2022-20450 (In restorePermissionState of PermissionManagerServiceImpl.java, there ...)
+ TODO: check
CVE-2022-20449
RESERVED
-CVE-2022-20448
- RESERVED
-CVE-2022-20447
- RESERVED
-CVE-2022-20446
- RESERVED
-CVE-2022-20445
- RESERVED
+CVE-2022-20448 (In buzzBeepBlinkLocked of NotificationManagerService.java, there is a ...)
+ TODO: check
+CVE-2022-20447 (In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read ...)
+ TODO: check
+CVE-2022-20446 (In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a ...)
+ TODO: check
+CVE-2022-20445 (In process_service_search_rsp of sdp_discovery.cc, there is a possible ...)
+ TODO: check
CVE-2022-20444
RESERVED
CVE-2022-20443
RESERVED
CVE-2022-20442
RESERVED
-CVE-2022-20441
- RESERVED
+CVE-2022-20441 (In navigateUpTo of Task.java, there is a possible way to launch an une ...)
+ TODO: check
CVE-2022-20440 (In Messaging, There has unauthorized broadcast, this could cause Local ...)
NOT-FOR-US: Android
CVE-2022-20439 (In Messaging, There has unauthorized provider, this could cause Local ...)
@@ -81466,8 +81488,8 @@ CVE-2022-20428
RESERVED
CVE-2022-20427
RESERVED
-CVE-2022-20426
- RESERVED
+CVE-2022-20426 (In multiple functions of many files, there is a possible obstruction o ...)
+ TODO: check
CVE-2022-20425 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...)
NOT-FOR-US: Android
CVE-2022-20424
@@ -81503,8 +81525,8 @@ CVE-2022-20416 (In audioTransportsToHal of HidlUtils.cpp, there is a possible ou
NOT-FOR-US: Android
CVE-2022-20415 (In handleFullScreenIntent of StatusBarNotificationActivityStarter.java ...)
NOT-FOR-US: Android
-CVE-2022-20414
- RESERVED
+CVE-2022-20414 (In setImpl of AlarmManagerService.java, there is a possible way to put ...)
+ TODO: check
CVE-2022-20413 (In start of Threads.cpp, there is a possible way to record audio durin ...)
NOT-FOR-US: Android
CVE-2022-20412 (In fdt_next_tag of fdt.c, there is a possible out of bounds read due t ...)
@@ -89609,8 +89631,8 @@ CVE-2021-39663 (In openFileAndEnforcePathPermissionsHelper of MediaProvider.java
NOT-FOR-US: Android
CVE-2021-39662 (In checkUriPermission of MediaProvider.java , there is a possible way ...)
NOT-FOR-US: Android
-CVE-2021-39661
- RESERVED
+CVE-2021-39661 (In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, the ...)
+ TODO: check
CVE-2021-39660
RESERVED
CVE-2021-39659 (In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, ...)
@@ -148146,8 +148168,8 @@ CVE-2020-28337 (A directory traversal issue in the Utils/Unzip module in Microwe
NOT-FOR-US: Microweber
CVE-2020-28336
RESERVED
-CVE-2021-1050
- RESERVED
+CVE-2021-1050 (In MMU_UnmapPages of the PowerVR kernel driver, there is a possible ou ...)
+ TODO: check
CVE-2021-1049 (Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ...)
NOT-FOR-US: Unisoc
CVE-2021-1048 (In ep_loop_check_proc of eventpoll.c, there is a possible way to corru ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de61d2a716b372d4d41df342765d36f80dbb3449
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de61d2a716b372d4d41df342765d36f80dbb3449
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221109/b9656da2/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list