[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 24 20:10:33 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a8d6d5a by security tracker role at 2022-11-24T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2022-45883
+	RESERVED
+CVE-2022-45877
+	RESERVED
+CVE-2022-45875
+	RESERVED
+CVE-2022-45874
+	RESERVED
+CVE-2022-45126
+	RESERVED
+CVE-2022-45118
+	RESERVED
+CVE-2022-44455
+	RESERVED
+CVE-2022-43662
+	RESERVED
+CVE-2022-41802
+	RESERVED
+CVE-2022-4138
+	RESERVED
+CVE-2022-4137
+	RESERVED
 CVE-2022-45873 (systemd 250 and 251 allows local users to achieve a systemd-coredump d ...)
 	- systemd 252-1
 	[bullseye] - systemd <not-affected> (Vulnerable code introduced later)
@@ -21,8 +43,8 @@ CVE-2022-45867
 	RESERVED
 CVE-2022-45866 (qpress before PierreLvx/qpress 20220819 and before version 11.3, as us ...)
 	NOT-FOR-US: qpress
-CVE-2022-4136
-	RESERVED
+CVE-2022-4136 (Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4 ...)
+	TODO: check
 CVE-2022-4135
 	RESERVED
 CVE-2022-4134
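Review bot: "TODO: check" on CVE-2022-4136 leaves the entry untriaged even though its new description names the product, qmpass/leadshop. Resolve it to a package line or a "NOT-FOR-US:" line, the way CVE-2022-45866 directly above is closed with "NOT-FOR-US: qpress".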
@@ -910,12 +932,12 @@ CVE-2022-44608
 	RESERVED
 CVE-2022-4091
 	RESERVED
-CVE-2022-4090
-	RESERVED
-CVE-2022-4089
-	RESERVED
-CVE-2022-4088
-	RESERVED
+CVE-2022-4090 (A vulnerability was found in rickxy Stock Management System and classi ...)
+	TODO: check
+CVE-2022-4089 (A vulnerability was found in rickxy Stock Management System. It has be ...)
+	TODO: check
+CVE-2022-4088 (A vulnerability was found in rickxy Stock Management System and classi ...)
+	TODO: check
 CVE-2022-4087 (A vulnerability was found in iPXE. It has been declared as problematic ...)
 	- ipxe <not-affected> (Vulnerable code not present)
 	NOTE: Introduced by: https://github.com/ipxe/ipxe/commit/634a86093af9a6d134be8662f25616f4edfec683
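Review bot: CVE-2022-4090, CVE-2022-4089 and CVE-2022-4088 all land as "TODO: check" for the same product, rickxy Stock Management System. Triage the three in one pass so they end up with the same disposition instead of being resolved one at a time in later commits.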
@@ -13972,6 +13994,7 @@ CVE-2022-3354 (A vulnerability has been found in Open5GS up to 2.4.10 and classi
 CVE-2022-3353
 	RESERVED
 CVE-2022-3352 (Use After Free in GitHub repository vim/vim prior to 9.0.0614. ...)
+	{DLA-3204-1}
 	- vim 2:9.0.0626-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60
 	NOTE: https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15 (v9.0.0614)
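Review bot: the new "{DLA-3204-1}" line on CVE-2022-3352 sits directly above "- vim 2:9.0.0626-1 (unimportant)", so the entry now references an advisory for an issue the package line rates as unimportant. If that rating still holds, a NOTE saying why the fix was shipped in the DLA anyway would stop the two lines from reading as a contradiction.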
@@ -15157,6 +15180,7 @@ CVE-2022-3258 (Incorrect Permission Assignment for Critical Resource vulnerabili
 CVE-2022-3257 (Mattermost version 7.1.x and earlier fails to sufficiently process a s ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2022-3256 (Use After Free in GitHub repository vim/vim prior to 9.0.0530. ...)
+	{DLA-3204-1}
 	- vim 2:9.0.0626-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3
 	NOTE: https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad (v9.0.0530)
@@ -15749,10 +15773,10 @@ CVE-2022-40979 (In JetBrains TeamCity before 2022.04.4 environmental variables o
 	NOT-FOR-US: JetBrains TeamCity
 CVE-2022-40978 (The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerabl ...)
 	NOT-FOR-US: installer of JetBrains IntelliJ IDEA
-CVE-2022-40977
-	RESERVED
-CVE-2022-40976
-	RESERVED
+CVE-2022-40977 (A path traversal vulnerability was discovered in Pilz PASvisu Server b ...)
+	TODO: check
+CVE-2022-40976 (A path traversal vulnerability was discovered in multiple Pilz product ...)
+	TODO: check
 CVE-2022-40969
 	RESERVED
 CVE-2022-40962
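Review bot: the two Pilz path traversal entries have different scopes in their new descriptions, "Pilz PASvisu Server b ..." for CVE-2022-40977 and "multiple Pilz product ..." for CVE-2022-40976, yet both are left at "TODO: check". When they are triaged, give each its own product string rather than copying one disposition to both, as the two JetBrains entries above do with "JetBrains TeamCity" and "installer of JetBrains IntelliJ IDEA".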
@@ -16234,6 +16258,7 @@ CVE-2022-3236 (A code injection vulnerability in the User Portal and Webadmin al
 CVE-2022-40763
 	RESERVED
 CVE-2022-3235 (Use After Free in GitHub repository vim/vim prior to 9.0.0490. ...)
+	{DLA-3204-1}
 	- vim 2:9.0.0626-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af
 	NOTE: https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0 (v9.0.0490)
@@ -17479,8 +17504,8 @@ CVE-2022-40268
 	RESERVED
 CVE-2022-40267
 	RESERVED
-CVE-2022-40266
-	RESERVED
+CVE-2022-40266 (Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 ...)
+	TODO: check
 CVE-2022-40265
 	RESERVED
 CVE-2022-40264
@@ -25229,8 +25254,8 @@ CVE-2022-2652 (Depending on the way the format strings in the card label are cra
 	NOTE: Negligible security impact
 CVE-2022-2651 (Authentication Bypass by Primary Weakness in GitHub repository bookwyr ...)
 	NOT-FOR-US: BookWyrm
-CVE-2022-2650
-	RESERVED
+CVE-2022-2650 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
+	TODO: check
 CVE-2022-2649
 	RESERVED
 CVE-2022-2648 (A vulnerability was found in SourceCodester Multi Language Hotel Manag ...)
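Review bot: the description added for CVE-2022-2650 is cut off at "GitHub re ...", before the repository name, so the affected project cannot be identified from this line. Whoever clears the "TODO: check" needs the full CVE text before choosing between a package line and "NOT-FOR-US:".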
@@ -34544,6 +34569,7 @@ CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, al
 	[buster] - commons-configuration2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/5
 CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
+	{DLA-3204-1}
 	- vim 2:9.0.0135-1 (bug #1015984)
 	[stretch] - vim <postponed> (Minor issue)
 	NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352
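Review bot: CVE-2022-2129 gains "{DLA-3204-1}" while "[stretch] - vim <postponed> (Minor issue)" stays unchanged two lines below. The hunk does not show which suite the DLA targets; if it is stretch, the postponed line is now stale and should be dropped or updated in the same change.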
@@ -38308,6 +38334,7 @@ CVE-2022-30532 (In affected versions of Octopus Deploy, there is no logging of c
 CVE-2022-29890 (In affected versions of Octopus Server the help sidebar can be customi ...)
 	NOT-FOR-US: Octopus Server
 CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
+	{DLA-3204-1}
 	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
@@ -40109,6 +40136,7 @@ CVE-2022-1943 (A flaw out of bounds memory write in the Linux kernel UDF file sy
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2086412
 	NOTE: Fixed by: https://git.kernel.org/linus/c1ad35dd0548ce947d97aaf92f7f2f9a202951cf (5.18-rc7)
 CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+	{DLA-3204-1}
 	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
@@ -40522,6 +40550,7 @@ CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
 	NOTE: https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a (v8.2.5024)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
+	{DLA-3204-1}
 	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <postponed> (Minor issue)
@@ -42697,6 +42726,7 @@ CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel’s io_ur
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/28/1
 	NOTE: https://blog.kylebot.net/2022/10/16/CVE-2022-1786/
 CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. ...)
+	{DLA-3204-1}
 	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
@@ -44685,7 +44715,7 @@ CVE-2022-1622 (LibTIFF master branch has an out-of-bounds read in LZWDecode in l
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a (v4.4.0rc1)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
 CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub repository vim ...)
-	{DLA-3011-1}
+	{DLA-3204-1 DLA-3011-1}
 	- vim 2:9.0.0135-1 (bug #1015984; unimportant)
 	NOTE: https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb
 	NOTE: https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b (v8.2.4919)
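Review bot: CVE-2022-1621 now carries two advisories, "{DLA-3204-1 DLA-3011-1}", but nothing in the entry says why a second DLA was needed after DLA-3011-1. A short NOTE on what DLA-3204-1 adds for this CVE (for example a different suite or a follow-up fix) would document the reason; the same applies to CVE-2022-1619 in the next hunk.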
@@ -44703,7 +44733,7 @@ CVE-2022-1620 (NULL Pointer Dereference in function vim_regexec_string at regexp
 	NOTE: https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f (v8.2.4901)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-1619 (Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub r ...)
-	{DLA-3011-1}
+	{DLA-3204-1 DLA-3011-1}
 	- vim 2:9.0.0135-1 (bug #1015984; unimportant)
 	NOTE: https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450
 	NOTE: https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe (v8.2.4899)
@@ -54926,8 +54956,8 @@ CVE-2022-0935 (Host Header injection in password Reset in GitHub repository live
 	NOT-FOR-US: livehelperchat
 CVE-2022-26886
 	RESERVED
-CVE-2022-26885
-	RESERVED
+CVE-2022-26885 (When using tasks to read config files, there is a risk of database pas ...)
+	TODO: check
 CVE-2022-26884 (Users can read any files by log server, Apache DolphinScheduler users  ...)
 	NOT-FOR-US: Apache DolphinScheduler
 CVE-2022-0934 (A single-byte, non-arbitrary write/use-after-free flaw was found in dn ...)
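Review bot: the truncated description added for CVE-2022-26885 ("When using tasks to read config files, there is a risk of database pas ...") names no product, and the entry lands as "TODO: check". The adjacent CVE-2022-26884 is already closed as "NOT-FOR-US: Apache DolphinScheduler"; check the full description to confirm whether this ID belongs to the same product before copying that disposition.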
@@ -59044,6 +59074,7 @@ CVE-2022-0698
 CVE-2022-0697 (Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. ...)
 	NOT-FOR-US: Archivy
 CVE-2022-0696 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.442 ...)
+	{DLA-3204-1}
 	- vim 2:8.2.4659-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f/
 	NOTE: https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1 (v8.2.4428)
@@ -59585,6 +59616,7 @@ CVE-2022-0630 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
 	NOTE: https://huntr.dev/bounties/f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32
 	NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
 CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+	{DLA-3204-1}
 	- vim 2:8.2.4659-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/
 	NOTE: https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc (v8.2.4397)
@@ -63513,6 +63545,7 @@ CVE-2022-21798 (The affected product is vulnerable due to cleartext transmission
 CVE-2022-21154 (An integer overflow vulnerability exists in the fltSaveCMP functionali ...)
 	NOT-FOR-US: LeadTools
 CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. ...)
+	{DLA-3204-1}
 	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <not-affected> (vulnerable code was introduced later)
@@ -64947,6 +64980,7 @@ CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2. ...)
 	NOTE: https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9 (v8.2.4154)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...)
+	{DLA-3204-1}
 	- vim 2:8.2.4659-1 (bug #1004859; unimportant)
 	[stretch] - vim <postponed> (Fix introduces a test regression)
 	NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a8d6d5ad18ac67e7d69575f5a62f7abb4cf5633
