[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Nov 12 08:10:30 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
24710ea2 by security tracker role at 2022-11-12T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2022-45194 (CBRN-Analysis before 22 allows XXE attacks via am mws XML document, le ...)
+ TODO: check
+CVE-2022-45193 (CBRN-Analysis before 22 has weak file permissions under Public Profile ...)
+ TODO: check
+CVE-2022-45192
+ RESERVED
+CVE-2022-45191
+ RESERVED
+CVE-2022-45190
+ RESERVED
+CVE-2022-45189
+ RESERVED
+CVE-2022-45188 (Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow ...)
+ TODO: check
+CVE-2022-45187
+ RESERVED
+CVE-2022-45186
+ RESERVED
+CVE-2022-45185
+ RESERVED
+CVE-2022-45184
+ RESERVED
+CVE-2022-45183
+ RESERVED
+CVE-2022-45182 (Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module ...)
+ TODO: check
+CVE-2022-45181
+ RESERVED
+CVE-2022-45180
+ RESERVED
+CVE-2022-45179
+ RESERVED
+CVE-2022-45178
+ RESERVED
+CVE-2022-45177
+ RESERVED
+CVE-2022-45176
+ RESERVED
+CVE-2022-45175
+ RESERVED
+CVE-2022-45174
+ RESERVED
+CVE-2022-45173
+ RESERVED
+CVE-2022-45172
+ RESERVED
+CVE-2022-45171
+ RESERVED
+CVE-2022-45170
+ RESERVED
+CVE-2022-45169
+ RESERVED
+CVE-2022-45168
+ RESERVED
+CVE-2022-3962
+ RESERVED
+CVE-2022-3961
+ RESERVED
+CVE-2022-3960
+ RESERVED
CVE-2022-45167
RESERVED
CVE-2022-45166
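Review bot: The four new entries that carry a description at the top of this hunk (CVE-2022-45194, CVE-2022-45193, CVE-2022-45188, CVE-2022-45182) land with only "TODO: check", so none of them has a disposition yet. Each needs a follow-up commit that replaces the TODO with either a source-package line or a "NOT-FOR-US: <product>" line in the form already used elsewhere in this file. CVE-2022-45188 is described as a heap-based buffer overflow in Netatalk through 3.1.13 and is the one to look at first. The remaining 26 added entries are RESERVED with no description and need no action until they are published.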
@@ -6537,10 +6597,10 @@ CVE-2022-43674
RESERVED
CVE-2022-43673
RESERVED
-CVE-2022-43672
- RESERVED
-CVE-2022-43671
- RESERVED
+CVE-2022-43672 (Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 571 ...)
+ TODO: check
+CVE-2022-43671 (Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 571 ...)
+ TODO: check
CVE-2022-43670 (An improper neutralization of input during web page generation ('Cross ...)
NOT-FOR-US: Apache Sling
CVE-2022-43667
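Review bot: CVE-2022-43672 and CVE-2022-43671 show the same truncated description ("Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 571 ..."), so the list text alone does not tell the two issues apart. Triage them together from the full CVE descriptions when resolving the "TODO: check" lines, and if the products are not packaged, give both a disposition in the same form as the "NOT-FOR-US: Apache Sling" line on the following entry.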
@@ -11162,8 +11222,8 @@ CVE-2022-41907
RESERVED
CVE-2022-41906 (OpenSearch Notifications is a notifications plugin for OpenSearch that ...)
TODO: check
-CVE-2022-41905
- RESERVED
+CVE-2022-41905 (WsgiDAV is a generic and extendable WebDAV server based on WSGI. Imple ...)
+ TODO: check
CVE-2022-41904 (Element iOS is an iOS Matrix client provided by Element. It is based o ...)
TODO: check
CVE-2022-41903
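Review bot: The new CVE-2022-41905 (WsgiDAV) entry adds a third consecutive "TODO: check" here, sitting between the unchanged CVE-2022-41906 and CVE-2022-41904 entries that still carry one. Resolve the three in a single triage pass so this block does not keep accumulating unclassified entries with each automatic update.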
@@ -12627,8 +12687,8 @@ CVE-2022-36368 (Multiple stored cross-site scripting vulnerabilities in the web
NOT-FOR-US: IPFire
CVE-2022-41340 (The secp256k1-js package before 1.1.0 for Node.js implements ECDSA wit ...)
NOT-FOR-US: Node secp256k1-js
-CVE-2022-41339
- RESERVED
+CVE-2022-41339 (In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, th ...)
+ TODO: check
CVE-2022-41338
RESERVED
CVE-2022-41337
@@ -13988,8 +14048,8 @@ CVE-2022-40775 (An issue was discovered in Bento4 through 1.6.0-639. A NULL poin
NOT-FOR-US: Bento4
CVE-2022-40774 (An issue was discovered in Bento4 through 1.6.0-639. There is a NULL p ...)
NOT-FOR-US: Bento4
-CVE-2022-40773
- RESERVED
+CVE-2022-40773 (Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter ...)
+ TODO: check
CVE-2022-40772
RESERVED
CVE-2022-40771
@@ -19442,12 +19502,12 @@ CVE-2022-38654 (HCL Domino is susceptible to an information disclosure vulnerabi
NOT-FOR-US: HCL
CVE-2022-38653
RESERVED
-CVE-2022-38652
- RESERVED
-CVE-2022-38651
- RESERVED
-CVE-2022-38650
- RESERVED
+CVE-2022-38652 (** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vuln ...)
+ TODO: check
+CVE-2022-38651 (** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfiguration exi ...)
+ TODO: check
+CVE-2022-38650 (** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure dese ...)
+ TODO: check
CVE-2022-38649
RESERVED
CVE-2022-38648 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...)
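Review bot: For CVE-2022-38652, CVE-2022-38651 and CVE-2022-38650 the truncated description begins with the "** UNSUPPORTED WHEN ASSIGNED **" marker, and the text is cut off before the affected product is named. Whoever resolves these "TODO: check" lines needs the full CVE text to identify the product. The marker means the product was already unsupported when the CVE was assigned, which is worth noting alongside the disposition.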
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24710ea20c9f2f0a9ac059c5831a1653bdb0858c