[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 10 20:10:32 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dffed5e1 by security tracker role at 2022-11-10T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2022-45143
+ RESERVED
+CVE-2022-45142
+ RESERVED
+CVE-2022-45141
+ RESERVED
+CVE-2022-45140
+ RESERVED
+CVE-2022-45139
+ RESERVED
+CVE-2022-45138
+ RESERVED
+CVE-2022-45137
+ RESERVED
+CVE-2022-45136
+ RESERVED
+CVE-2022-45135
+ RESERVED
+CVE-2022-43668
+ RESERVED
+CVE-2022-3932
+ RESERVED
+CVE-2022-3931
+ RESERVED
+CVE-2022-3930
+ RESERVED
+CVE-2022-3929
+ RESERVED
+CVE-2022-3928
+ RESERVED
+CVE-2022-3927
+ RESERVED
+CVE-2022-3926
+ RESERVED
+CVE-2022-3925
+ RESERVED
+CVE-2022-3924
+ RESERVED
+CVE-2022-3923
+ RESERVED
+CVE-2022-3922
+ RESERVED
CVE-2022-45134
RESERVED
CVE-2022-45133
@@ -146,8 +188,7 @@ CVE-2022-3910
RESERVED
CVE-2022-3909
RESERVED
-CVE-2022-45063
- RESERVED
+CVE-2022-45063 (xterm before 375 allows code execution via font ops, e.g., because an ...)
- xterm 375-1
[bullseye] - xterm <no-dsa> (Minor issue; mitigated by default in Debian)
NOTE: https://www.openwall.com/lists/oss-security/2022/11/10/1
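Review bot: the [bullseye] <no-dsa> line for CVE-2022-45063 justifies the decision with "mitigated by default in Debian", but nothing in the entry records what that mitigation is; add a NOTE naming the default setting that blocks the font-operation path (or pointing at the relevant part of the oss-security post already linked), so the no-dsa decision can be re-checked if that default ever changes. It is also worth confirming that the "before 375" wording in the description matches the 375-1 fixed version, i.e. that the bullseye package needs no separate backport.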
@@ -1002,8 +1043,8 @@ CVE-2022-44729
RESERVED
CVE-2022-44728
RESERVED
-CVE-2022-44727
- RESERVED
+CVE-2022-44727 (The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for Pres ...)
+ TODO: check
CVE-2022-44726
RESERVED
CVE-2022-44725
@@ -3615,12 +3656,12 @@ CVE-2022-44091
RESERVED
CVE-2022-44090
RESERVED
-CVE-2022-44089
- RESERVED
-CVE-2022-44088
- RESERVED
-CVE-2022-44087
- RESERVED
+CVE-2022-44089 (ESPCMS P8.21120101 was discovered to contain a remote code execution ( ...)
+ TODO: check
+CVE-2022-44088 (ESPCMS P8.21120101 was discovered to contain a remote code execution ( ...)
+ TODO: check
+CVE-2022-44087 (ESPCMS P8.21120101 was discovered to contain a remote code execution ( ...)
+ TODO: check
CVE-2022-44086
RESERVED
CVE-2022-44085
@@ -3811,6 +3852,7 @@ CVE-2022-3757 (A vulnerability was found in Exiv2. It has been declared as criti
NOTE: Issue introduced after: https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299
NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/d3651fdbd352cbaf259f89abf7557da343339378
CVE-2022-3756 (A vulnerability was found in Exiv2. It has been classified as critical ...)
+ {DLA-3186-1}
- exiv2 <unfixed>
NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/bf4f28b727bdedbd7c88179c30d360e54568a62e
CVE-2022-3755 (A vulnerability was found in Exiv2 and classified as problematic. This ...)
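Review bot: CVE-2022-3756 gains {DLA-3186-1} while the package line stays "exiv2 <unfixed>", so the LTS suite is now recorded as fixed ahead of unstable. Make sure the upstream fix commit in the NOTE is queued for unstable; a bug reference on the <unfixed> line, as done for libjettison-java elsewhere in this update, would make that visible instead of leaving the tracker showing unstable behind buster.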
@@ -6186,11 +6228,9 @@ CVE-2022-43756
RESERVED
CVE-2022-43755
RESERVED
-CVE-2022-43754
- RESERVED
+CVE-2022-43754 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
NOT-FOR-US: Uyuni
-CVE-2022-43753
- RESERVED
+CVE-2022-43753 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...)
NOT-FOR-US: Uyuni
CVE-2022-43752 (** UNSUPPORTED WHEN ASSIGNED ** Oracle Solaris version 10 1/13, when u ...)
NOT-FOR-US: Oracle Solaris
@@ -6973,7 +7013,8 @@ CVE-2022-3644 (The collection remote for pulp_ansible stores tokens in plaintext
NOT-FOR-US: Pulp (Red Hat)
CVE-2022-3643
RESERVED
-CVE-2022-3642 (A vulnerability classified as problematic has been found in Linux Kern ...)
+CVE-2022-3642
+ REJECTED
- linux <not-affected> (Vulnerable code not present in any released or mainline commit; only wireless-next)
CVE-2022-3641
RESERVED
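Review bot: CVE-2022-3642 is switched to REJECTED, but the "- linux <not-affected> (...)" package line is left in place; a REJECTED record should carry no package status, so that line should be dropped (the rationale about the code only existing in wireless-next can be kept as a NOTE if it is worth preserving).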
@@ -8213,11 +8254,13 @@ CVE-2022-3553 (A vulnerability, which was classified as problematic, was found i
CVE-2022-3552 (Unrestricted Upload of File with Dangerous Type in GitHub repository b ...)
NOT-FOR-US: boxbilling
CVE-2022-3551 (A vulnerability, which was classified as problematic, has been found i ...)
+ {DLA-3185-1}
- xorg-server <unfixed>
[bullseye] - xorg-server <no-dsa> (Minor issue)
- xwayland <unfixed>
NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/18f91b950e22c2a342a4fbc55e9ddf7534a707d2
CVE-2022-3550 (A vulnerability classified as critical was found in X.org Server. Affe ...)
+ {DLA-3185-1}
- xorg-server <unfixed>
- xwayland <unfixed>
NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/11beef0b7f1ed290348e45618e5fa0d2bffcb72e
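Review bot: CVE-2022-3550, whose description classifies it as critical, gets {DLA-3185-1} but, unlike CVE-2022-3551 directly above it, has no [bullseye] annotation, so bullseye is implicitly left as vulnerable and unresolved while buster has been updated; add either a bullseye fix or an explicit [bullseye] decision so the two neighbouring X server entries are consistent. Both entries also keep "xwayland <unfixed>" with no suite annotation at all.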
@@ -8949,10 +8992,10 @@ CVE-2022-42789 (An issue in code signature validation was addressed with improve
NOT-FOR-US: Apple
CVE-2022-42788 (A permissions issue existed. This issue was addressed with improved pe ...)
NOT-FOR-US: Apple
-CVE-2022-42787
- RESERVED
-CVE-2022-42786
- RESERVED
+CVE-2022-42787 (Multiple W&T products of the Comserver Series use a small number s ...)
+ TODO: check
+CVE-2022-42786 (Multiple W&T Products of the ComServer Series are prone to an XSS ...)
+ TODO: check
CVE-2022-42785
RESERVED
CVE-2022-42784
@@ -11100,7 +11143,7 @@ CVE-2022-41853 (Those using java.sql.Statement or java.sql.PreparedStatement in
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7
NOTE: http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control
NOTE: https://sourceforge.net/p/hsqldb/svn/6614/
-CVE-2022-41852 (Those using JXPath to interpret untrusted XPath expressions may be vul ...)
+CVE-2022-41852 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...)
- libcommons-jxpath-java <unfixed> (unimportant)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133
NOTE: https://github.com/apache/commons-jxpath/pull/25
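Review bot: CVE-2022-41852's description now opens with ** DISPUTED **, but the entry keeps "libcommons-jxpath-java <unfixed> (unimportant)" and the NOTEs reference only the oss-fuzz issue and pull request 25; add a NOTE recording who disputes the record and on what grounds, so the (unimportant) rating is justified by something in the file rather than only by the upstream description.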
@@ -15335,19 +15378,19 @@ CVE-2022-40163
RESERVED
CVE-2022-40162
RESERVED
-CVE-2022-40161 (Those using JXPath to interpret XPath may be vulnerable to Denial of S ...)
+CVE-2022-40161 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...)
- libcommons-jxpath-java <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47097
CVE-2022-40160 (Those using JXPath to interpret XPath may be vulnerable to Denial of S ...)
- libcommons-jxpath-java <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47053
-CVE-2022-40159 (Those using JXPath to interpret XPath may be vulnerable to Denial of S ...)
+CVE-2022-40159 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...)
- libcommons-jxpath-java <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47057
-CVE-2022-40158 (Those using JXPath to interpret XPath may be vulnerable to Denial of S ...)
+CVE-2022-40158 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...)
- libcommons-jxpath-java <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47058
-CVE-2022-40157 (Those using JXPath to interpret XPath may be vulnerable to Denial of S ...)
+CVE-2022-40157 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...)
- libcommons-jxpath-java <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47061
CVE-2022-40156 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...)
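Review bot: four of the five JXPath entries in this hunk (CVE-2022-40161, CVE-2022-40159, CVE-2022-40158, CVE-2022-40157) are rewritten as ** DISPUTED **, while CVE-2022-40160 keeps its original description despite having the same package line and the same kind of oss-fuzz reference; check whether that record was left out of the dispute deliberately. If the dispute applies to all of them, the five "libcommons-jxpath-java <unfixed>" lines should carry the same severity marker; none of them is tagged (unimportant), unlike CVE-2022-41852 above.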
@@ -15373,6 +15416,7 @@ CVE-2022-40150 (Those using Jettison to parse untrusted XML or JSON data may be
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549
NOTE: https://github.com/jettison-json/jettison/issues/45
CVE-2022-40149 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...)
+ {DLA-3184-1}
- libjettison-java 1.5.1-1 (bug #1022554)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538
NOTE: https://github.com/jettison-json/jettison/issues/45
@@ -17078,8 +17122,8 @@ CVE-2022-39397
RESERVED
CVE-2022-39396 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Node parse-server
-CVE-2022-39395
- RESERVED
+CVE-2022-39395 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
+ TODO: check
CVE-2022-39394
RESERVED
CVE-2022-39393
@@ -26416,8 +26460,8 @@ CVE-2022-36024 (py-cord is a an API wrapper for Discord written in Python. Bots
NOT-FOR-US: py-cord
CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned distributed led ...)
NOT-FOR-US: Hyperledger Fabric
-CVE-2022-36022
- RESERVED
+CVE-2022-36022 (Deeplearning4J is a suite of tools for deploying and training deep lea ...)
+ TODO: check
CVE-2022-36021
RESERVED
CVE-2022-36020 (The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, ...)
@@ -30155,8 +30199,8 @@ CVE-2022-34667
[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
[buster] - nvidia-cuda-toolkit <no-dsa> (Minor issue)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5373
-CVE-2022-34666
- RESERVED
+CVE-2022-34666 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ TODO: check
CVE-2022-34665
RESERVED
CVE-2022-34664
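Review bot: CVE-2022-34666 is left at "TODO: check", yet the adjacent CVE-2022-34667 entry shows how this NVIDIA advisory series is being triaged (non-free, <no-dsa> for bullseye and buster, custhelp link as NOTE). This record concerns the GPU Display Driver rather than the CUDA toolkit, so it needs triage against the driver packaging instead, with the same non-free annotations where they apply.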
@@ -39432,8 +39476,7 @@ CVE-2022-31257 (A vulnerability has been identified in Mendix Applications using
CVE-2022-31256 (A Improper Link Resolution Before File Access ('Link Following') vulne ...)
- sendmail <not-affected> (Vulnerability in SUSE-specific script used in sentmail-client.service service unit)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1204696
-CVE-2022-31255
- RESERVED
+CVE-2022-31255 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
NOT-FOR-US: Uyuni
CVE-2022-31254
RESERVED
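Review bot: the context line for CVE-2022-31256 cites "sentmail-client.service"; that looks like a typo for sendmail-client.service, and since the <not-affected> decision rests on that SUSE-specific unit, the name should be verified against the linked SUSE bug and corrected if wrong. The actual change in this hunk (CVE-2022-31255 as NOT-FOR-US: Uyuni) is consistent with the other Uyuni entries in this update.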
@@ -88399,8 +88442,8 @@ CVE-2021-40291
RESERVED
CVE-2021-40290
RESERVED
-CVE-2021-40289
- RESERVED
+CVE-2021-40289 (mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS). ...)
+ TODO: check
CVE-2021-40288 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...)
NOT-FOR-US: TP-Link
CVE-2021-40287
@@ -88527,8 +88570,8 @@ CVE-2021-40228
RESERVED
CVE-2021-40227
RESERVED
-CVE-2021-40226
- RESERVED
+CVE-2021-40226 (xpdfreader 4.03 is vulnerable to Buffer Overflow. ...)
+ TODO: check
CVE-2021-40225
RESERVED
CVE-2021-40224
@@ -97170,9 +97213,9 @@ CVE-2021-36782 (A Cleartext Storage of Sensitive Information vulnerability in SU
NOT-FOR-US: Rancher
CVE-2021-36781 (A Incorrect Default Permissions vulnerability in the parsec package of ...)
NOT-FOR-US: Parsec
-CVE-2021-36780 (A Improper Access Control vulnerability in longhorn of SUSE Longhorn a ...)
+CVE-2021-36780 (A Missing Authentication for Critical Function vulnerability in longho ...)
NOT-FOR-US: Longhorn
-CVE-2021-36779 (A Improper Access Control vulnerability inf SUSE Longhorn allows any w ...)
+CVE-2021-36779 (A Missing Authentication for Critical Function vulnerability in SUSE L ...)
NOT-FOR-US: Longhorn
CVE-2021-36778 (A Incorrect Authorization vulnerability in SUSE Rancher allows adminis ...)
NOT-FOR-US: Rancher
@@ -170416,6 +170459,7 @@ CVE-2020-19718 (An unhandled memory allocation failure in Core/Ap4Atom.cpp of Be
CVE-2020-19717 (An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bent ...)
NOT-FOR-US: Bento4
CVE-2020-19716 (A buffer overflow vulnerability in the Databuf function in types.cpp o ...)
+ {DLA-3186-1}
- exiv2 0.27.2-6
NOTE: https://github.com/Exiv2/exiv2/issues/980
NOTE: https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3
@@ -350103,7 +350147,7 @@ CVE-2017-11684 (There is an illegal address access in the build_table function i
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1073
NOTE: Fixed by https://github.com/libav/libav/commit/ec683ed527cef9aad208d1daeb10d0e7fb63e75e.patch
CVE-2017-11683 (There is a reachable assertion in the Internal::TiffReader::visitDirec ...)
- {DLA-1147-1}
+ {DLA-3186-1 DLA-1147-1}
- exiv2 0.27.2-6 (unimportant)
NOTE: http://dev.exiv2.org/issues/1307
NOTE: https://github.com/Exiv2/exiv2/issues/57
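Review bot: CVE-2017-11683 is rated (unimportant) yet now lists {DLA-3186-1 DLA-1147-1}; if DLA-3186-1 fixed it only incidentally alongside the other exiv2 issues in this update, a short NOTE saying so would keep the unimportant rating and the DLA references from reading as contradictory, and the same applies to CVE-2020-19716 above, which has the same DLA added.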
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dffed5e1b1cf4e36ce24069e03f8cf7d6e3e7b08