[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 25 08:10:25 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b477634 by security tracker role at 2022-11-25T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2022-45897
+ RESERVED
+CVE-2022-45896
+ RESERVED
+CVE-2022-45895
+ RESERVED
+CVE-2022-45894
+ RESERVED
+CVE-2022-45893
+ RESERVED
+CVE-2022-45892
+ RESERVED
+CVE-2022-45891
+ RESERVED
+CVE-2022-45890
+ RESERVED
+CVE-2022-45889
+ RESERVED
+CVE-2022-45888 (An issue was discovered in the Linux kernel through 6.0.9. drivers/cha ...)
+ TODO: check
+CVE-2022-45887 (An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...)
+ TODO: check
+CVE-2022-45886 (An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...)
+ TODO: check
+CVE-2022-45885 (An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...)
+ TODO: check
+CVE-2022-45884 (An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...)
+ TODO: check
CVE-2022-45883
RESERVED
CVE-2022-45877
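Review bot: CVE-2022-45884 through CVE-2022-45888 are left at "TODO: check" even though each description already names the Linux kernel through 6.0.9 and a drivers/ path. These five should get a kernel package line with a status, in the same form as the "- glance <unfixed>" line used elsewhere in this file, rather than waiting in the TODO queue. The nine RESERVED entries above them need no action yet.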
@@ -45,8 +73,8 @@ CVE-2022-45866 (qpress before PierreLvx/qpress 20220819 and before version 11.3,
NOT-FOR-US: qpress
CVE-2022-4136 (Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4 ...)
NOT-FOR-US: leadshop
-CVE-2022-4135
- RESERVED
+CVE-2022-4135 (Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 a ...)
+ TODO: check
CVE-2022-4134
RESERVED
- glance <unfixed>
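Review bot: CVE-2022-4135 is left at "TODO: check" although its description is now published as a heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121. The entry needs either a package line with the fixed version or an explicit NOT-FOR-US decision, so that a browser memory-corruption issue does not sit untriaged.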
@@ -17479,8 +17507,8 @@ CVE-2022-40284 (A buffer overflow was discovered in NTFS-3G before 2022.10.3. Cr
NOTE: https://github.com/tuxera/ntfs-3g/commit/76c3a799a97fbcedeeeca57f598be508ae2a1656 (2022.10.3)
CVE-2022-40283
RESERVED
-CVE-2022-40282
- RESERVED
+CVE-2022-40282 (The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authe ...)
+ TODO: check
CVE-2022-40281 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PR ...)
NOT-FOR-US: Samsung TizenRT
CVE-2022-40280 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PR ...)
@@ -24032,8 +24060,8 @@ CVE-2022-2723 (A vulnerability was found in SourceCodester Employee Management S
NOT-FOR-US: SourceCodester Employee Management System
CVE-2022-2722 (A vulnerability was found in SourceCodester Simple Student Information ...)
NOT-FOR-US: SourceCodester Simple Student Information System
-CVE-2022-2721
- RESERVED
+CVE-2022-2721 (In affected versions of Octopus Server it is possible for target disco ...)
+ TODO: check
CVE-2022-2720 (In affected versions of Octopus Server it was identified that when a s ...)
NOT-FOR-US: Octopus Server
CVE-2021-46833
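Review bot: CVE-2022-2721 is added as "TODO: check" while the entry directly below it, CVE-2022-2720, names the same product and is already tagged "NOT-FOR-US: Octopus Server". Resolve the new entry the same way so the two adjacent entries stay consistent.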
@@ -24661,7 +24689,7 @@ CVE-2022-37599 (A Regular expression denial of service (ReDoS) flaw was found in
NOTE: https://github.com/webpack/loader-utils/issues/211
NOTE: https://github.com/webpack/loader-utils/pull/225
NOTE: https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb (v2.0.4)
-CVE-2022-37598 (Prototype pollution vulnerability in function DEFNODE in ast.js in mis ...)
+CVE-2022-37598 (** DISPUTED ** Prototype pollution vulnerability in function DEFNODE i ...)
- uglify-js <unfixed> (unimportant)
- uglifyjs <removed> (unimportant)
NOTE: https://github.com/mishoo/UglifyJS/issues/5699
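Review bot: The CVE-2022-37598 description now carries "** DISPUTED **", but nothing else in the entry records the dispute: the package lines stay at (unimportant) and the visible NOTE is only the upstream issue link. If the dispute is the reason for the (unimportant) rating, a short NOTE saying so would make the entry self-explanatory to the next person triaging it.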
@@ -28586,8 +28614,8 @@ CVE-2022-36135
RESERVED
CVE-2022-36134
RESERVED
-CVE-2022-36133
- RESERVED
+CVE-2022-36133 (The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices wit ...)
+ TODO: check
CVE-2022-36132
RESERVED
CVE-2022-36131 (The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to s ...)
@@ -30151,7 +30179,7 @@ CVE-2022-35503
RESERVED
CVE-2022-35502
RESERVED
-CVE-2022-35501 (Stored Cross-site Scripting in Amasty Blog Pro 2.10.4 and 2.10.4 creat ...)
+CVE-2022-35501 (Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 ...)
NOT-FOR-US: Amasty Blog Pro
CVE-2022-35500 (Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via lea ...)
NOT-FOR-US: Amasty Blog
@@ -46237,24 +46265,24 @@ CVE-2022-29835 (WD Discovery software executable files were signed with an unsaf
NOT-FOR-US: WD Discovery software
CVE-2022-29834 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: ICONICS
-CVE-2022-29833
- RESERVED
-CVE-2022-29832
- RESERVED
-CVE-2022-29831
- RESERVED
-CVE-2022-29830
- RESERVED
-CVE-2022-29829
- RESERVED
-CVE-2022-29828
- RESERVED
-CVE-2022-29827
- RESERVED
-CVE-2022-29826
- RESERVED
-CVE-2022-29825
- RESERVED
+CVE-2022-29833 (Insufficiently Protected Credentials vulnerability in Mitsubishi Elect ...)
+ TODO: check
+CVE-2022-29832 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
+ TODO: check
+CVE-2022-29831 (Use of Hard-coded Password vulnerability in Mitsubishi Electric Corpor ...)
+ TODO: check
+CVE-2022-29830 (Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electr ...)
+ TODO: check
+CVE-2022-29829 (Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electr ...)
+ TODO: check
+CVE-2022-29828 (Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electr ...)
+ TODO: check
+CVE-2022-29827 (Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electr ...)
+ TODO: check
+CVE-2022-29826 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...)
+ TODO: check
+CVE-2022-29825 (Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Wor ...)
+ TODO: check
CVE-2022-29824 (In libxml2 before 2.9.14, several buffer handling functions in buf.c ( ...)
{DSA-5142-1 DLA-3012-1}
- libxml2 2.9.14+dfsg-1 (bug #1010526)
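Review bot: All nine entries CVE-2022-29825 through CVE-2022-29833 are left at "TODO: check", and every truncated description names Mitsubishi Electric (hard-coded passwords and cryptographic keys, cleartext storage, insufficiently protected credentials). They can be triaged as one batch with a single consistent tag; this file already uses "NOT-FOR-US: Mitsubishi" for CVE-2022-25163. The descriptions are cut off at "...", so confirm the affected product from the full text before tagging.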
@@ -59861,8 +59889,8 @@ CVE-2022-25166 (An issue was discovered in Amazon AWS VPN Client 2.0.0. It is po
NOT-FOR-US: Amazon AWS VPN Client
CVE-2022-25165 (An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race ...)
NOT-FOR-US: Amazon AWS VPN Client
-CVE-2022-25164
- RESERVED
+CVE-2022-25164 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...)
+ TODO: check
CVE-2022-25163 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC- ...)
NOT-FOR-US: Mitsubishi
CVE-2022-25162 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC ...)
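Review bot: CVE-2022-25164 is left at "TODO: check" although the next entry, CVE-2022-25163, is a Mitsubishi Electric issue already marked "NOT-FOR-US: Mitsubishi". The truncated description names the same vendor; once the full text confirms the product is not packaged, the same tag applies here.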
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b4776344e0f9fb9b05eec726b794a5a863542c2