[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 18 08:10:23 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5138f279 by security tracker role at 2022-11-18T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-21523
+ RESERVED
+CVE-2023-21522
+ RESERVED
+CVE-2023-21521
+ RESERVED
+CVE-2023-21520
+ RESERVED
+CVE-2023-21519
+ RESERVED
+CVE-2022-45467
+ RESERVED
+CVE-2022-45466
+ RESERVED
+CVE-2022-45465
+ RESERVED
+CVE-2022-45464
+ RESERVED
+CVE-2022-45463
+ RESERVED
+CVE-2022-4056
+ RESERVED
+CVE-2022-4055
+ RESERVED
+CVE-2022-4054
+ RESERVED
CVE-2022-45462
RESERVED
CVE-2022-45461 (The Java Admin Console in Veritas NetBackup through 10.1 and related V ...)
@@ -599,8 +625,8 @@ CVE-2022-45377
RESERVED
CVE-2022-45376
RESERVED
-CVE-2022-45375
- RESERVED
+CVE-2022-45375 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slid ...)
+ TODO: check
CVE-2022-45374
RESERVED
CVE-2022-45373
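Review bot: the CVE-2022-45375 change leaves only a "TODO: check" under the new description, yet the wording ("Auth. Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slid ...") is the same reporter phrasing this file already resolves as "NOT-FOR-US: WordPress plugin" (for example CVE-2022-44590 and CVE-2022-44576 further down in this patch). Suggest the follow-up triage confirm the affected product and replace the TODO with the matching NOT-FOR-US line rather than leaving it pending.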
@@ -1355,8 +1381,8 @@ CVE-2022-45079
RESERVED
CVE-2022-45078
RESERVED
-CVE-2022-45077
- RESERVED
+CVE-2022-45077 (Auth. (subscriber+) PHP Object Injection vulnerability in Betheme them ...)
+ TODO: check
CVE-2022-45076
RESERVED
CVE-2022-45075
@@ -1365,20 +1391,20 @@ CVE-2022-45074
RESERVED
CVE-2022-45073
RESERVED
-CVE-2022-45072
- RESERVED
-CVE-2022-45071
- RESERVED
+CVE-2022-45072 (Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual C ...)
+ TODO: check
+CVE-2022-45071 (Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual C ...)
+ TODO: check
CVE-2022-45070
RESERVED
-CVE-2022-45069
- RESERVED
+CVE-2022-45069 (Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal ...)
+ TODO: check
CVE-2022-45068
RESERVED
CVE-2022-45067
RESERVED
-CVE-2022-45066
- RESERVED
+CVE-2022-45066 (Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe Wo ...)
+ TODO: check
CVE-2022-45065
RESERVED
CVE-2022-45064
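Review bot: CVE-2022-45072 and CVE-2022-45071 carry identical truncated descriptions ("Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual C ...") and CVE-2022-38461 later in this patch names the same WPML product, so these three should be triaged together to avoid diverging resolutions. The four new TODO: check markers in this hunk all follow the "Auth. (role+) ..." / CSRF pattern that the file elsewhere marks NOT-FOR-US: WordPress plugin.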
@@ -2206,8 +2232,8 @@ CVE-2022-44738
RESERVED
CVE-2022-44737
RESERVED
-CVE-2022-44736
- RESERVED
+CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cham ...)
+ TODO: check
CVE-2022-44735
RESERVED
CVE-2022-44734
@@ -2274,8 +2300,8 @@ CVE-2022-44727 (The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 fo
NOT-FOR-US: PrestaShop module
CVE-2022-44726
RESERVED
-CVE-2022-44725
- RESERVED
+CVE-2022-44725 (OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses ...)
+ TODO: check
CVE-2022-44724 (The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Da ...)
NOT-FOR-US: Stiltsoft
CVE-2022-44723
@@ -3762,8 +3788,8 @@ CVE-2022-44593
RESERVED
CVE-2022-44592
RESERVED
-CVE-2022-44591
- RESERVED
+CVE-2022-44591 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anth ...)
+ TODO: check
CVE-2022-44590 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44589
@@ -3790,8 +3816,8 @@ CVE-2022-44579
RESERVED
CVE-2022-44578
RESERVED
-CVE-2022-44577
- RESERVED
+CVE-2022-44577 (Auth. CSV Injection vulnerability in Export Users With Meta plugin < ...)
+ TODO: check
CVE-2022-44576 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Agen ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44575
@@ -4104,22 +4130,22 @@ CVE-2022-44458
RESERVED
CVE-2022-44457 (A vulnerability has been identified in Mendix SAML Module (Mendix 7 co ...)
NOT-FOR-US: Siemens
-CVE-2022-43506
- RESERVED
+CVE-2022-43506 (SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie v ...)
+ TODO: check
CVE-2022-43495 (OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distr ...)
NOT-FOR-US: OpenHarmony
-CVE-2022-43457
- RESERVED
-CVE-2022-43452
- RESERVED
+CVE-2022-43457 (SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie ...)
+ TODO: check
+CVE-2022-43452 (SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie v ...)
+ TODO: check
CVE-2022-43451 (OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal v ...)
NOT-FOR-US: OpenHarmony
CVE-2022-43449 (OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulne ...)
NOT-FOR-US: OpenHarmony
-CVE-2022-43447
- RESERVED
-CVE-2022-41775
- RESERVED
+CVE-2022-43447 (SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie ...)
+ TODO: check
+CVE-2022-41775 (SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie vers ...)
+ TODO: check
CVE-2022-3780 (Database connections on deleted users could stay active on MySQL data ...)
NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2022-3779
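Review bot: five entries in this hunk (CVE-2022-43506, CVE-2022-43457, CVE-2022-43452, CVE-2022-43447, CVE-2022-41775) are SQL injections in the same product, Delta Electronics DIAEnergie, each with a separate "TODO: check". They should receive one consistent resolution in a single follow-up; the descriptions name .ashx/.aspx handlers, so the check is mainly confirming the product is not something Debian ships.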
@@ -5074,8 +5100,8 @@ CVE-2022-44003 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to
NOT-FOR-US: BACKCLICK Professional
CVE-2022-44002 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to insuf ...)
NOT-FOR-US: BACKCLICK Professional
-CVE-2022-44001
- RESERVED
+CVE-2022-44001 (An issue was discovered in BACKCLICK Professional 5.9.63. User authent ...)
+ TODO: check
CVE-2022-44000 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to an ex ...)
NOT-FOR-US: BACKCLICK Professional
CVE-2022-43999 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to expos ...)
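Review bot: CVE-2022-44001 is left as "TODO: check" although the neighbouring CVE-2022-44003, CVE-2022-44002 and CVE-2022-44000 describe the same product and version ("BACKCLICK Professional 5.9.63") and are already marked "NOT-FOR-US: BACKCLICK Professional". Unless the automatic import saw something different in this record, the same NOT-FOR-US line applies and the TODO will otherwise go stale.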
@@ -8200,8 +8226,8 @@ CVE-2022-41831
RESERVED
CVE-2022-41805
RESERVED
-CVE-2022-41791
- RESERVED
+CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin ...)
+ TODO: check
CVE-2022-41790
RESERVED
CVE-2022-41788
@@ -8713,8 +8739,8 @@ CVE-2022-43334
RESERVED
CVE-2022-43333
RESERVED
-CVE-2022-43332
- RESERVED
+CVE-2022-43332 (A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows ...)
+ TODO: check
CVE-2022-43331 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
NOT-FOR-US: Canteen Management System
CVE-2022-43330 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
@@ -8761,8 +8787,8 @@ CVE-2022-43310 (An Uncontrolled Search Path Element in Foxit Software released F
NOT-FOR-US: Foxit Reader
CVE-2022-43309
RESERVED
-CVE-2022-43308
- RESERVED
+CVE-2022-43308 (INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers ...)
+ TODO: check
CVE-2022-43307
RESERVED
CVE-2022-43306 (The d8s-timer for python, as distributed on PyPI, included a potential ...)
@@ -9023,8 +9049,8 @@ CVE-2022-43194
RESERVED
CVE-2022-43193
RESERVED
-CVE-2022-43192
- RESERVED
+CVE-2022-43192 (An arbitrary file upload vulnerability in the component /dede/file_man ...)
+ TODO: check
CVE-2022-43191
RESERVED
CVE-2022-43190
@@ -9041,16 +9067,16 @@ CVE-2022-43185 (A stored cross-site scripting (XSS) vulnerability in the Configu
NOT-FOR-US: Rukovoditel
CVE-2022-43184 (D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command in ...)
NOT-FOR-US: D-Link
-CVE-2022-43183
- RESERVED
+CVE-2022-43183 (XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) vi ...)
+ TODO: check
CVE-2022-43182
RESERVED
CVE-2022-43181
RESERVED
CVE-2022-43180
RESERVED
-CVE-2022-43179
- RESERVED
+CVE-2022-43179 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
+ TODO: check
CVE-2022-43178
RESERVED
CVE-2022-43177
@@ -9065,8 +9091,8 @@ CVE-2022-43173
RESERVED
CVE-2022-43172
RESERVED
-CVE-2022-43171
- RESERVED
+CVE-2022-43171 (A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinf ...)
+ TODO: check
CVE-2022-43170 (A stored cross-site scripting (XSS) vulnerability in the Dashboard Con ...)
NOT-FOR-US: Rukovoditel
CVE-2022-43169 (A stored cross-site scripting (XSS) vulnerability in the Users Access ...)
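Review bot: CVE-2022-43171 differs from the surrounding Rukovoditel web-app entries: it names a parser function in a library ("A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinf ..."), so the TODO: check here needs to establish whether that library is packaged and which version fixes it; the truncated description gives no fixed version, so the upstream advisory has to be consulted before this can be resolved either way.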
@@ -9081,10 +9107,10 @@ CVE-2022-43165 (A stored cross-site scripting (XSS) vulnerability in the Global
NOT-FOR-US: Rukovoditel
CVE-2022-43164 (A stored cross-site scripting (XSS) vulnerability in the Global Lists ...)
NOT-FOR-US: Rukovoditel
-CVE-2022-43163
- RESERVED
-CVE-2022-43162
- RESERVED
+CVE-2022-43163 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
+ TODO: check
+CVE-2022-43162 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
+ TODO: check
CVE-2022-43161
RESERVED
CVE-2022-43160
@@ -9218,8 +9244,8 @@ CVE-2022-43098
RESERVED
CVE-2022-43097
RESERVED
-CVE-2022-43096
- RESERVED
+CVE-2022-43096 (Mediatrix 4102 before v48.5.2718 allows local attackers to gain root a ...)
+ TODO: check
CVE-2022-43095
RESERVED
CVE-2022-43094
@@ -9945,8 +9971,8 @@ CVE-2022-42905 (In wolfSSL before 5.5.2, if callback functions are enabled (via
NOTE: Fixed in 5.5.2 (https://www.wolfssl.com/docs/security-vulnerabilities/)
CVE-2022-42904
RESERVED
-CVE-2022-42903
- RESERVED
+CVE-2022-42903 (Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileg ...)
+ TODO: check
CVE-2022-42902 (In Linaro Automated Validation Architecture (LAVA) before 2022.10, the ...)
{DSA-5260-1 DLA-3192-1}
- lava 2022.10-1 (bug #1021737)
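Review bot: CVE-2022-42903 ("Zoho ManageEngine SupportCenter Plus through 11024 ...") is left as TODO: check, while CVE-2022-36923 elsewhere in this patch already records the Zoho ManageEngine family as "NOT-FOR-US: Zoho ManageEngine". Suggest resolving it the same way in the follow-up rather than keeping a pending marker for a vendor product family the tracker has already classified.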
@@ -10876,8 +10902,8 @@ CVE-2022-42535
RESERVED
CVE-2022-42534
RESERVED
-CVE-2022-42533
- RESERVED
+CVE-2022-42533 (In shared_metadata_init of SharedMetadata.cpp, there is a possible out ...)
+ TODO: check
CVE-2022-42532
RESERVED
CVE-2022-42531
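Review bot: the CVE-2022-42533 description ("In shared_metadata_init of SharedMetadata.cpp, there is a possible out ...") uses the Android security bulletin wording that this file resolves as "NOT-FOR-US: Android" for the CVE-2022-204xx entries further down in this patch. The TODO: check should confirm the bulletin origin and then be replaced with that line.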
@@ -13083,8 +13109,8 @@ CVE-2022-41570 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11. U
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2022-41569
RESERVED
-CVE-2022-41315
- RESERVED
+CVE-2022-41315 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin ...)
+ TODO: check
CVE-2022-41155
RESERVED
CVE-2022-41136 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
@@ -13093,8 +13119,8 @@ CVE-2022-41135
RESERVED
CVE-2022-41134
RESERVED
-CVE-2022-41132
- RESERVED
+CVE-2022-41132 (Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerabi ...)
+ TODO: check
CVE-2022-40975
RESERVED
CVE-2022-40966
@@ -13107,8 +13133,8 @@ CVE-2022-40699
RESERVED
CVE-2022-40697
RESERVED
-CVE-2022-40694
- RESERVED
+CVE-2022-40694 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News ...)
+ TODO: check
CVE-2022-40311 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analyt ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40218
@@ -13119,8 +13145,8 @@ CVE-2022-40209
RESERVED
CVE-2022-40203
RESERVED
-CVE-2022-40192
- RESERVED
+CVE-2022-40192 (Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin ...)
+ TODO: check
CVE-2022-40130
RESERVED
CVE-2022-40128 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Expo ...)
@@ -15404,8 +15430,8 @@ CVE-2022-38974
RESERVED
CVE-2022-38468
RESERVED
-CVE-2022-38461
- RESERVED
+CVE-2022-38461 (Broken Access Control vulnerability in WPML Multilingual CMS premium p ...)
+ TODO: check
CVE-2022-38454 (Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Opt ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38104 (Auth. WordPress Options Change (siteurl, users_can_register, default_r ...)
@@ -16526,8 +16552,8 @@ CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All versions
NOT-FOR-US: Siemens
CVE-2022-40225
REJECTED
-CVE-2022-40200
- RESERVED
+CVE-2022-40200 (Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Foru ...)
+ TODO: check
CVE-2022-40198
RESERVED
CVE-2022-40197
@@ -18433,8 +18459,8 @@ CVE-2022-39391
RESERVED
CVE-2022-39390
REJECTED
-CVE-2022-39389
- RESERVED
+CVE-2022-39389 (Lightning Network Daemon (lnd) is an implementation of a lightning bit ...)
+ TODO: check
CVE-2022-39388 (Istio is an open platform to connect, manage, and secure microservices ...)
NOT-FOR-US: Istio
CVE-2022-39387 (XWiki OIDC has various tools to manipulate OpenID Connect protocol in ...)
@@ -19004,14 +19030,14 @@ CVE-2022-39183
RESERVED
CVE-2022-39182
RESERVED
-CVE-2022-39181
- RESERVED
-CVE-2022-39180
- RESERVED
-CVE-2022-39179
- RESERVED
-CVE-2022-39178
- RESERVED
+CVE-2022-39181 (GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). ...)
+ TODO: check
+CVE-2022-39180 (College Management System v1.0 - SQL Injection (SQLi). By inserting SQ ...)
+ TODO: check
+CVE-2022-39179 (College Management System v1.0 - Authenticated remote code execution. ...)
+ TODO: check
+CVE-2022-39178 (Webvendome - Webvendome Internal Server IP Disclosure. Send GET Reques ...)
+ TODO: check
CVE-2022-39177 (BlueZ before 5.59 allows physically proximate attackers to cause a den ...)
{DLA-3157-1}
- bluez 5.61-1
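Review bot: the four new descriptions in this hunk use a "Product - Title. ..." form without a vendor-style sentence (GLPI Reports plugin, College Management System twice, Webvendome), and CVE-2022-39178 concerns the same Webvendome product as CVE-2022-36787 later in this patch; the two Webvendome records should be triaged together. CVE-2022-39180 and CVE-2022-39179 are likewise the same application and can share one resolution.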
@@ -19072,8 +19098,8 @@ CVE-2022-3092
RESERVED
CVE-2022-3091
RESERVED
-CVE-2022-3090
- RESERVED
+CVE-2022-3090 (Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 ...)
+ TODO: check
CVE-2022-3089
RESERVED
CVE-2022-3088
@@ -22262,8 +22288,8 @@ CVE-2022-38167 (The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. .
NOT-FOR-US: Nintex Workflow plugin for SharePoint
CVE-2022-38166
RESERVED
-CVE-2022-38165
- RESERVED
+CVE-2022-38165 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...)
+ TODO: check
CVE-2022-38164 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...)
NOT-FOR-US: WithSecure
CVE-2022-38163 (A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Br ...)
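Review bot: CVE-2022-38165 gets a TODO: check, but its description is word-for-word the same as CVE-2022-38164 directly below it ("WithSecure through 2022-08-10 allows attackers to cause a denial of se ..."), which is already "NOT-FOR-US: WithSecure". The same resolution should be applied so the two sibling entries do not diverge.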
@@ -25512,8 +25538,8 @@ CVE-2022-36926
RESERVED
CVE-2022-36925
RESERVED
-CVE-2022-36924
- RESERVED
+CVE-2022-36924 (The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local ...)
+ TODO: check
CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-2556 (The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJA ...)
@@ -25794,14 +25820,14 @@ CVE-2022-2548
RESERVED
CVE-2022-2547 (A crafted HTTP packet without a content-type header can create a denia ...)
NOT-FOR-US: Softing Industrial Automation
-CVE-2022-36787
- RESERVED
-CVE-2022-36786
- RESERVED
-CVE-2022-36785
- RESERVED
-CVE-2022-36784
- RESERVED
+CVE-2022-36787 (Webvendome - Webvendome SQL Injection. SQL Injection in the Parameter ...)
+ TODO: check
+CVE-2022-36786 (DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you ...)
+ TODO: check
+CVE-2022-36785 (D-Link – G integrated Access Device4 Information Disclosure & ...)
+ TODO: check
+CVE-2022-36784 (Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo ...)
+ TODO: check
CVE-2022-36783 (AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malic ...)
TODO: check
CVE-2022-36782 (Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerabi ...)
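Review bot: two of the imported descriptions in this hunk look damaged rather than merely truncated: CVE-2022-36785 reads "D-Link – G integrated Access Device4 Information Disclosure &" and CVE-2022-36784 "Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo", both cut at or around an ampersand or en dash. The TODO: check for these should compare against the full CVE record before the product name is relied on for triage; together with CVE-2022-36783 below, this region now holds five pending entries from the same reporter batch.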
@@ -26706,8 +26732,8 @@ CVE-2022-36375 (Authenticated (high role user) WordPress Options Change vulnerab
NOT-FOR-US: WordPress plugin
CVE-2022-36371
RESERVED
-CVE-2022-36357
- RESERVED
+CVE-2022-36357 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ULTIMATE ...)
+ TODO: check
CVE-2022-36346 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foun ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36344 (An unquoted search path vulnerability exists in 'JustSystems JUST Onli ...)
@@ -48184,12 +48210,12 @@ CVE-2022-28770 (Due to insufficient input validation, SAPUI5 library(vbm) - vers
NOT-FOR-US: SAP
CVE-2022-28769
RESERVED
-CVE-2022-28768
- RESERVED
+CVE-2022-28768 (The Zoom Client for Meetings Installer for macOS (Standard and for IT ...)
+ TODO: check
CVE-2022-28767
RESERVED
-CVE-2022-28766
- RESERVED
+CVE-2022-28766 (Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 ...)
+ TODO: check
CVE-2022-28765
RESERVED
CVE-2022-28764 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
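Review bot: the two new Zoom entries are platform-specific by their own descriptions, CVE-2022-28768 for the macOS installer and CVE-2022-28766 for Windows 32-bit clients, whereas CVE-2022-28764 directly below lists Linux among the affected platforms. The TODO: check on the two new ones should therefore be quick to resolve; the Linux-affecting sibling is the one that needs the closer look.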
@@ -54488,7 +54514,7 @@ CVE-2022-26652 (NATS nats-server before 2.7.4 allows Directory Traversal (with w
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68
NOTE: http://www.openwall.com/lists/oss-security/2022/03/10/1
CVE-2022-26651 (An issue was discovered in Asterisk through 19.x and Certified Asteris ...)
- {DLA-3194-1}
+ {DSA-5285-1 DLA-3194-1}
- asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <postponed> (Fix in next upload)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29838
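Review bot: DSA-5285-1 is added to the advisory list for CVE-2022-26651, but the "[stretch] - asterisk <postponed> (Fix in next upload)" line is unchanged, unlike every other asterisk entry in this patch, which records stretch as <not-affected>. Worth confirming that the postponed stretch status is still accurate now that a DSA has been issued, and otherwise updating that line in the same pass.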
@@ -54817,13 +54843,13 @@ CVE-2022-26501 (Improper authentication in Veeam Backup & Replication 9.5U3,
CVE-2022-26500 (Improper limitation of path names in Veeam Backup & Replication 9. ...)
NOT-FOR-US: Veeam
CVE-2022-26499 (An SSRF issue was discovered in Asterisk through 19.x. When using STIR ...)
- {DLA-3194-1}
+ {DSA-5285-1 DLA-3194-1}
- asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29476
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-002.html
CVE-2022-26498 (An issue was discovered in Asterisk through 19.x. When using STIR/SHAK ...)
- {DLA-3194-1}
+ {DSA-5285-1 DLA-3194-1}
- asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29872
@@ -59396,8 +59422,8 @@ CVE-2022-24941
RESERVED
CVE-2022-24940
RESERVED
-CVE-2022-24939
- RESERVED
+CVE-2022-24939 (A malformed packet containing an invalid destination address, causes a ...)
+ TODO: check
CVE-2022-24938 (A malformed packet causes a stack overflow in the Ember ZNet stack. Th ...)
NOT-FOR-US: Ember ZNet
CVE-2022-24937 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
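Review bot: CVE-2022-24939 ("A malformed packet containing an invalid destination address, causes a ...") sits immediately above CVE-2022-24938, whose description has the same "A malformed packet causes a stack overflow in the Ember ZNet stack" shape and is already "NOT-FOR-US: Ember ZNet". Suggest confirming it is the same Ember ZNet stack and applying the same line instead of leaving the TODO: check.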
@@ -59811,7 +59837,7 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation
CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing sign o ...)
NOT-FOR-US: Express OpenID Connect
CVE-2022-24793 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3194-1 DLA-3036-1}
+ {DSA-5285-1 DLA-3194-1 DLA-3036-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -59819,7 +59845,7 @@ CVE-2022-24793 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
NOTE: https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a
CVE-2022-24792 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3194-1 DLA-3036-1}
+ {DSA-5285-1 DLA-3194-1 DLA-3036-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -59845,7 +59871,7 @@ CVE-2022-24788 (Vyper is a pythonic Smart Contract Language for the ethereum vir
CVE-2022-24787 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
NOT-FOR-US: Vyper
CVE-2022-24786 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3194-1}
+ {DSA-5285-1 DLA-3194-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -59938,7 +59964,7 @@ CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific pat
NOTE: https://lore.kernel.org/git/CAKJfoCEgiNvQJGt=rGYTaKQ1i2ihrPmX2Sz3Zxg-y66L+1Qh6g@mail.gmail.com/
NOTE: https://github.blog/2022-04-12-git-security-vulnerability-announced/
CVE-2022-24764 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <unfixed>
@@ -59946,7 +59972,7 @@ CVE-2022-24764 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
NOTE: https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
CVE-2022-24763 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3194-1 DLA-3036-1}
+ {DSA-5285-1 DLA-3194-1 DLA-3036-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -63932,8 +63958,8 @@ CVE-2022-23750
RESERVED
CVE-2022-23749
RESERVED
-CVE-2022-23748
- RESERVED
+CVE-2022-23748 (mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable ...)
+ TODO: check
CVE-2022-23747 (In Sony Xperia series 1, 5, and Pro, an out of bound memory access can ...)
NOT-FOR-US: Sony
CVE-2022-23746
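Review bot: the CVE-2022-23748 description names a Windows executable and a Windows-only vector ("mDNSResponder.exe is vulnerable to DLL Sideloading attack ..."), so the TODO: check should resolve to NOT-FOR-US unless the full record turns out to cover a cross-platform mDNSResponder component; the Sony entry directly below already shows the NOT-FOR-US form used for vendor-specific records.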
@@ -64256,7 +64282,7 @@ CVE-2022-23610 (wire-server provides back end services for Wire, an open source
CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
NOT-FOR-US: iTunesRPC-Remastered
CVE-2022-23608 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -76618,7 +76644,7 @@ CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC Driver. A security hole wa
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
NOTE: https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 (REL42.3.2)
CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -76629,7 +76655,7 @@ CVE-2022-21723 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
NOTE: https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896
CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -77176,7 +77202,7 @@ CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prio
CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...)
NOT-FOR-US: solidus_frontend
CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...)
- {DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -77281,7 +77307,7 @@ CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceabili
CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
NOT-FOR-US: Solidus
CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -79659,7 +79685,7 @@ CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec when
NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...)
- {DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -79667,7 +79693,7 @@ CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An at
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...)
- {DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -79675,7 +79701,7 @@ CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_crea
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...)
- {DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -79683,7 +79709,7 @@ CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create.
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...)
- {DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -79691,7 +79717,7 @@ CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create.
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...)
- {DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -83000,10 +83026,10 @@ CVE-2022-20462 (In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a poss
NOT-FOR-US: Android
CVE-2022-20461
RESERVED
-CVE-2022-20460
- RESERVED
-CVE-2022-20459
- RESERVED
+CVE-2022-20460 (In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the ...)
+ TODO: check
+CVE-2022-20459 (In (TBD) of (TBD), there is a possible way to redirect code execution ...)
+ TODO: check
CVE-2022-20458
RESERVED
CVE-2022-20457 (In getMountModeInternal of StorageManagerService.java, there is a poss ...)
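Review bot: the descriptions imported for CVE-2022-20460 and CVE-2022-20459 are placeholders, "In (TBD) mprot_unmap? of (TBD), ..." and "In (TBD) of (TBD), ...", so the automatic update has pulled in unfinished text. The TODO: check cannot be completed from these; it should be re-run once the records are updated, and the "NOT-FOR-US: Android" resolution used for CVE-2022-20462 and CVE-2022-20457 in this same hunk is the likely outcome.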
@@ -83064,10 +83090,10 @@ CVE-2022-20430 (There is an missing authorization issue in the system service. S
NOT-FOR-US: Android
CVE-2022-20429 (In CarSettings of app packages, there is a possible permission bypass ...)
NOT-FOR-US: Android
-CVE-2022-20428
- RESERVED
-CVE-2022-20427
- RESERVED
+CVE-2022-20428 (In (TBD) of (TBD), there is a possible out of bounds write due to a mi ...)
+ TODO: check
+CVE-2022-20427 (In (TBD) of (TBD), there is a possible way to corrupt memory due to im ...)
+ TODO: check
CVE-2022-20426 (In multiple functions of many files, there is a possible obstruction o ...)
NOT-FOR-US: Android
CVE-2022-20425 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...)
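Review bot: CVE-2022-20428 and CVE-2022-20427 have the same "(TBD) of (TBD)" placeholder descriptions as the hunk above, so the component name is not yet published and the TODO: check cannot be settled from the text. Surrounding entries in this hunk (CVE-2022-20430, CVE-2022-20429, CVE-2022-20426) are all "NOT-FOR-US: Android"; flag these two for a later re-check rather than leaving the TODO open indefinitely.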
@@ -96399,7 +96425,7 @@ CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to
CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
NOT-FOR-US: Shopware
CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -98272,8 +98298,8 @@ CVE-2021-36907
RESERVED
CVE-2021-36906 (Multiple Insecure Direct Object References (IDOR) vulnerabilities in E ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36905
- RESERVED
+CVE-2021-36905 (Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulner ...)
+ TODO: check
CVE-2021-36904
RESERVED
CVE-2021-36903
@@ -105448,8 +105474,8 @@ CVE-2021-33899
RESERVED
CVE-2021-33898 (In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize( ...)
NOT-FOR-US: Invoice Ninja
-CVE-2021-33897
- RESERVED
+CVE-2021-33897 (A buffer overflow in Synthesia before 10.7.5567, when a non-Latin loca ...)
+ TODO: check
CVE-2021-33896 (Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (o ...)
- dino-im 0.2.0-3
[buster] - dino-im <no-dsa> (Minor issue)
@@ -111601,8 +111627,8 @@ CVE-2021-31610 (The Bluetooth Classic implementation on AB32VG1 devices does not
NOT-FOR-US: Bluetrum
CVE-2021-31609 (The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and e ...)
NOT-FOR-US: Silicon Labs Bluetooth
-CVE-2021-31608
- RESERVED
+CVE-2021-31608 (Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Se ...)
+ TODO: check
CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerabi ...)
{DLA-2815-1}
- salt 3002.6+dfsg1-2 (bug #987496)
@@ -234779,7 +234805,7 @@ CVE-2019-15299 (An issue was discovered in Centreon Web through 19.04.3. When a
CVE-2019-15298 (A problem was found in Centreon Web through 19.04.3. An authenticated ...)
- centreon-web <itp> (bug #913903)
CVE-2021-46837 (res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17. ...)
- {DLA-3194-1}
+ {DSA-5285-1 DLA-3194-1}
- asterisk 1:18.9.0~dfsg+~cs6.10.40431411-1 (bug #1018073)
NOTE: https://downloads.asterisk.org/pub/security/AST-2021-006.html
NOTE: This is related to CVE-2019-15297 symptoms but not for exactly the same reason.
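Review bot: CVE-2021-46837 gains DSA-5285-1 like the other asterisk entries in this patch, but it carries no "[stretch]" annotation while every other asterisk entry updated here has one. The description scopes the issue to 16.x, 17.x and later, so this may be intentional, but it is worth confirming so the stretch status is recorded explicitly.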
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5138f27915bd48bbe55a84aa0ca70de1216f8323