[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 15 20:10:28 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6ac24945 by security tracker role at 2022-11-15T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2022-45442
+ RESERVED
+CVE-2022-45441
+ RESERVED
+CVE-2022-45440
+ RESERVED
+CVE-2022-45439
+ RESERVED
+CVE-2022-45438
+ RESERVED
+CVE-2022-45437
+ RESERVED
+CVE-2022-45436
+ RESERVED
+CVE-2022-4003
+ RESERVED
+CVE-2022-4002
+ RESERVED
+CVE-2022-4001
+ RESERVED
+CVE-2022-4000
+ RESERVED
+CVE-2022-3999
+ RESERVED
+CVE-2022-3998 (A vulnerability, which was classified as critical, was found in Monika ...)
+ TODO: check
+CVE-2022-3997 (A vulnerability, which was classified as critical, has been found in M ...)
+ TODO: check
+CVE-2022-3996
+ RESERVED
CVE-2022-45435
RESERVED
CVE-2022-45434
@@ -362,8 +392,7 @@ CVE-2022-45403
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45403
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45403
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45403
-CVE-2022-45402
- RESERVED
+CVE-2022-45402 (In Apache Airflow versions prior to 2.4.3, there was an open redirect ...)
- airflow <itp> (bug #819700)
CVE-2022-45401
RESERVED
@@ -964,8 +993,8 @@ CVE-2022-45147
RESERVED
CVE-2022-3959 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: Drogon
-CVE-2022-3958
- RESERVED
+CVE-2022-3958 (Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar exten ...)
+ TODO: check
CVE-2022-3957 (A vulnerability classified as problematic was found in GPAC. Affected ...)
- gpac <unfixed> (unimportant)
NOTE: https://github.com/gpac/gpac/commit/2191e66aa7df750e8ef01781b1930bea87b713bb
@@ -1310,12 +1339,12 @@ CVE-2022-3897
RESERVED
CVE-2022-3896
RESERVED
-CVE-2022-3895
- RESERVED
+CVE-2022-3895 (Some UI elements of the Common User Interface Component are not proper ...)
+ TODO: check
CVE-2022-3894
RESERVED
-CVE-2022-3893
- RESERVED
+CVE-2022-3893 (Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extens ...)
+ TODO: check
CVE-2022-3892
RESERVED
CVE-2022-3891
@@ -3942,6 +3971,7 @@ CVE-2022-3776 (The Restaurant Menu – Food Ordering System – Table Re
NOT-FOR-US: WordPress plugin
CVE-2022-3775
RESERVED
+ {DSA-5280-1}
- grub2 2.06-5
NOTE: https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
CVE-2022-3774 (A vulnerability was found in SourceCodester Train Scheduler App 1.0 an ...)
@@ -4981,8 +5011,8 @@ CVE-2022-3739
RESERVED
CVE-2022-3738
RESERVED
-CVE-2022-3737
- RESERVED
+CVE-2022-3737 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 me ...)
+ TODO: check
CVE-2023-20851
RESERVED
CVE-2023-20850
@@ -7182,8 +7212,8 @@ CVE-2022-43782
RESERVED
CVE-2022-43781
RESERVED
-CVE-2022-43780
- RESERVED
+CVE-2022-43780 (Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to ...)
+ TODO: check
CVE-2022-43779
RESERVED
CVE-2022-43778
@@ -9067,8 +9097,8 @@ CVE-2022-43073
RESERVED
CVE-2022-43072
RESERVED
-CVE-2022-43071
- RESERVED
+CVE-2022-43071 (A stack overflow in the Catalog::readPageLabelTree2(Object*) function ...)
+ TODO: check
CVE-2022-43070
RESERVED
CVE-2022-43069
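Review bot: CVE-2022-43071 should not be swept into a bulk NOT-FOR-US pass when its "TODO: check" is resolved. The description names a C++ function, Catalog::readPageLabelTree2(Object*), so the quickest triage is to search the archive's source packages for that symbol. Then record either a package line or a NOT-FOR-US with the product name taken from the full description.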
@@ -9729,8 +9759,8 @@ CVE-2022-3482
RESERVED
CVE-2022-3481 (The WooCommerce Dropshipping WordPress plugin before 4.4 does not prop ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3480
- RESERVED
+CVE-2022-3480 (A remote, unauthenticated attacker could cause a denial-of-service of ...)
+ TODO: check
CVE-2022-3479 (A vulnerability found in nss. By this security vulnerability, nss clie ...)
- nss <unfixed> (bug #1021786)
[bullseye] - nss <no-dsa> (Minor issue)
@@ -9876,8 +9906,8 @@ CVE-2022-41687
RESERVED
CVE-2022-40221
RESERVED
-CVE-2022-3461
- RESERVED
+CVE-2022-3461 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 ma ...)
+ TODO: check
CVE-2022-3460
RESERVED
CVE-2022-3459
@@ -10837,20 +10867,20 @@ CVE-2022-42466 (Prior to 2.0.0-M9, it was possible for an end-user to set the va
NOT-FOR-US: Apache Isis
CVE-2022-42458
RESERVED
-CVE-2022-42001
- RESERVED
-CVE-2022-42000
- RESERVED
+CVE-2022-42001 (Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extensi ...)
+ TODO: check
+CVE-2022-42000 (Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile ext ...)
+ TODO: check
CVE-2022-41986 (Information disclosure vulnerability in Android App 'IIJ SmartKey' ver ...)
NOT-FOR-US: Android App 'IIJ SmartKey'
-CVE-2022-41814
- RESERVED
+CVE-2022-41814 (Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extens ...)
+ TODO: check
CVE-2022-41796 (Untrusted search path vulnerability in the installer of Content Transf ...)
NOT-FOR-US: installer of Content Transfer (for Windows)
-CVE-2022-41789
- RESERVED
-CVE-2022-41611
- RESERVED
+CVE-2022-41789 (Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of ...)
+ TODO: check
+CVE-2022-41611 (Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of ...)
+ TODO: check
CVE-2022-3418 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3417
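Review bot: the five BlueSpice entries added in this hunk (CVE-2022-42001, CVE-2022-42000, CVE-2022-41814, CVE-2022-41789, CVE-2022-41611) all land as "TODO: check" and should be triaged in one pass with the same disposition, together with CVE-2022-3958 and CVE-2022-3893 from the earlier hunks. CVE-2022-41789 and CVE-2022-41611 are indistinguishable in the truncated text (both read "BlueSpiceDiscovery skin of ..."), so compare the full descriptions to confirm they are separate issues before annotating them.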
@@ -12553,10 +12583,12 @@ CVE-2022-37409
CVE-2022-41743 (NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in t ...)
NOT-FOR-US: NGINX Plus
CVE-2022-41742 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...)
+ {DSA-5281-1}
- nginx 1.22.1-1
NOTE: https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea (release-1.22.1)
NOTE: Only affects the nginx-extras binary package
CVE-2022-41741 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...)
+ {DSA-5281-1}
- nginx 1.22.1-1
NOTE: https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea (release-1.22.1)
NOTE: Only affects the nginx-extras binary package
@@ -12991,8 +13023,8 @@ CVE-2022-41560
RESERVED
CVE-2022-41559
RESERVED
-CVE-2022-41558
- RESERVED
+CVE-2022-41558 (The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire A ...)
+ TODO: check
CVE-2022-41342
RESERVED
CVE-2022-41314
@@ -14548,8 +14580,8 @@ CVE-2022-38088
RESERVED
CVE-2022-36279
RESERVED
-CVE-2022-3240
- RESERVED
+CVE-2022-3240 (The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Sit ...)
+ TODO: check
CVE-2022-3239 (A flaw use after free in the Linux kernel video4linux driver was found ...)
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
@@ -16069,11 +16101,9 @@ CVE-2022-40314 (A remote code execution risk when restoring backup files origina
- moodle <removed>
CVE-2022-40313 (Recursive rendering of Mustache template helpers containing user input ...)
- moodle <removed>
-CVE-2022-40309
- RESERVED
+CVE-2022-40309 (Users with write permissions to a repository can delete arbitrary dire ...)
NOT-FOR-US: Apache Archiva
-CVE-2022-40308
- RESERVED
+CVE-2022-40308 (If anonymous read enabled, it's possible to read the database file dir ...)
NOT-FOR-US: Apache Archiva
CVE-2022-40199 (Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 t ...)
NOT-FOR-US: EC-CUBE
@@ -24275,6 +24305,7 @@ CVE-2022-37300 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Passwo
NOT-FOR-US: EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon Controllers M580 and M340
CVE-2022-2601
RESERVED
+ {DSA-5280-1}
- grub2 2.06-5
NOTE: https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set re ...)
@@ -34984,18 +35015,18 @@ CVE-2022-33241
RESERVED
CVE-2022-33240
RESERVED
-CVE-2022-33239
- RESERVED
+CVE-2022-33239 (Transient DOS due to loop with unreachable exit condition in WLAN firm ...)
+ TODO: check
CVE-2022-33238
RESERVED
-CVE-2022-33237
- RESERVED
-CVE-2022-33236
- RESERVED
+CVE-2022-33237 (Transient DOS due to buffer over-read in WLAN firmware while processin ...)
+ TODO: check
+CVE-2022-33236 (Transient DOS due to buffer over-read in WLAN firmware while parsing c ...)
+ TODO: check
CVE-2022-33235
RESERVED
-CVE-2022-33234
- RESERVED
+CVE-2022-33234 (Memory corruption in video due to configuration weakness. in Snapdrago ...)
+ TODO: check
CVE-2022-33233
RESERVED
CVE-2022-33232
@@ -56775,12 +56806,12 @@ CVE-2022-25745
RESERVED
CVE-2022-25744
RESERVED
-CVE-2022-25743
- RESERVED
-CVE-2022-25742
- RESERVED
-CVE-2022-25741
- RESERVED
+CVE-2022-25743 (Memory corruption in graphics due to use-after-free while importing gr ...)
+ TODO: check
+CVE-2022-25742 (Denial of service in modem due to infinite loop while parsing IGMPv2 p ...)
+ TODO: check
+CVE-2022-25741 (Denial of service in WLAN due to potential null pointer dereference wh ...)
+ TODO: check
CVE-2022-25740
RESERVED
CVE-2022-25739
@@ -56807,14 +56838,14 @@ CVE-2022-25729
RESERVED
CVE-2022-25728
RESERVED
-CVE-2022-25727
- RESERVED
+CVE-2022-25727 (Memory Corruption in modem due to improper length check while copying ...)
+ TODO: check
CVE-2022-25726
RESERVED
CVE-2022-25725
RESERVED
-CVE-2022-25724
- RESERVED
+CVE-2022-25724 (Memory corruption in graphics due to buffer overflow while validating ...)
+ TODO: check
CVE-2022-25723 (Memory corruption in multimedia due to use after free during callback ...)
NOT-FOR-US: Snapdragon
CVE-2022-25722
@@ -56841,8 +56872,8 @@ CVE-2022-25712
RESERVED
CVE-2022-25711
RESERVED
-CVE-2022-25710
- RESERVED
+CVE-2022-25710 (Denial of service due to null pointer dereference when GATT is disconn ...)
+ TODO: check
CVE-2022-25709
RESERVED
CVE-2022-25708 (Memory corruption in WLAN due to buffer copy without checking size of ...)
@@ -56903,32 +56934,32 @@ CVE-2022-25681
RESERVED
CVE-2022-25680 (Memory corruption in multimedia due to buffer overflow while processin ...)
NOT-FOR-US: Snapdragon
-CVE-2022-25679
- RESERVED
+CVE-2022-25679 (Denial of service in video due to improper access control in broadcast ...)
+ TODO: check
CVE-2022-25678
RESERVED
CVE-2022-25677
RESERVED
-CVE-2022-25676
- RESERVED
+CVE-2022-25676 (Information disclosure in video due to buffer over-read while parsing ...)
+ TODO: check
CVE-2022-25675
RESERVED
-CVE-2022-25674
- RESERVED
+CVE-2022-25674 (Cryptographic issues in WLAN during the group key handshake of the WPA ...)
+ TODO: check
CVE-2022-25673
RESERVED
CVE-2022-25672
RESERVED
-CVE-2022-25671
- RESERVED
+CVE-2022-25671 (Denial of service in MODEM due to reachable assertion in Snapdragon Mo ...)
+ TODO: check
CVE-2022-25670 (Denial of service in WLAN HOST due to buffer over read while unpacking ...)
NOT-FOR-US: Qualcomm
CVE-2022-25669 (Denial of service in video due to buffer over read while parsing MP4 c ...)
NOT-FOR-US: Qualcomm
CVE-2022-25668 (Memory corruption in video driver due to double free while parsing ASF ...)
NOT-FOR-US: Snapdragon
-CVE-2022-25667
- RESERVED
+CVE-2022-25667 (Information disclosure in kernel due to improper handling of ICMP requ ...)
+ TODO: check
CVE-2022-25666 (Memory corruption due to use after free in service while trying to acc ...)
NOT-FOR-US: Snapdragon
CVE-2022-25665 (Information disclosure due to buffer over read in kernel in Snapdragon ...)
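Review bot: the five entries that move from RESERVED to "TODO: check" in this hunk (CVE-2022-25679, CVE-2022-25676, CVE-2022-25674, CVE-2022-25671, CVE-2022-25667) sit between already-triaged neighbours that use two different labels for the same vendor family. CVE-2022-25680, CVE-2022-25668 and CVE-2022-25666 carry "NOT-FOR-US: Snapdragon", while CVE-2022-25670 and CVE-2022-25669 carry "NOT-FOR-US: Qualcomm". When the new entries are resolved, settle on one label so that a later search of data/CVE/list by product name finds all of them.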
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ac249455e68c6459a6311abedd78b11eea03b6d