[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 3 21:10:38 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f6c778ad by security tracker role at 2022-10-03T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,399 @@
+CVE-2022-42433
+ RESERVED
+CVE-2022-42432
+ RESERVED
+CVE-2022-42431
+ RESERVED
+CVE-2022-42430
+ RESERVED
+CVE-2022-42429
+ RESERVED
+CVE-2022-42428
+ RESERVED
+CVE-2022-42427
+ RESERVED
+CVE-2022-42426
+ RESERVED
+CVE-2022-42425
+ RESERVED
+CVE-2022-42424
+ RESERVED
+CVE-2022-42423
+ RESERVED
+CVE-2022-42422
+ RESERVED
+CVE-2022-42421
+ RESERVED
+CVE-2022-42420
+ RESERVED
+CVE-2022-42419
+ RESERVED
+CVE-2022-42418
+ RESERVED
+CVE-2022-42417
+ RESERVED
+CVE-2022-42416
+ RESERVED
+CVE-2022-42415
+ RESERVED
+CVE-2022-42414
+ RESERVED
+CVE-2022-42413
+ RESERVED
+CVE-2022-42412
+ RESERVED
+CVE-2022-42411
+ RESERVED
+CVE-2022-42410
+ RESERVED
+CVE-2022-42409
+ RESERVED
+CVE-2022-42408
+ RESERVED
+CVE-2022-42407
+ RESERVED
+CVE-2022-42406
+ RESERVED
+CVE-2022-42405
+ RESERVED
+CVE-2022-42404
+ RESERVED
+CVE-2022-42403
+ RESERVED
+CVE-2022-42402
+ RESERVED
+CVE-2022-42401
+ RESERVED
+CVE-2022-42400
+ RESERVED
+CVE-2022-42399
+ RESERVED
+CVE-2022-42398
+ RESERVED
+CVE-2022-42397
+ RESERVED
+CVE-2022-42396
+ RESERVED
+CVE-2022-42395
+ RESERVED
+CVE-2022-42394
+ RESERVED
+CVE-2022-42393
+ RESERVED
+CVE-2022-42392
+ RESERVED
+CVE-2022-42391
+ RESERVED
+CVE-2022-42390
+ RESERVED
+CVE-2022-42389
+ RESERVED
+CVE-2022-42388
+ RESERVED
+CVE-2022-42387
+ RESERVED
+CVE-2022-42386
+ RESERVED
+CVE-2022-42385
+ RESERVED
+CVE-2022-42384
+ RESERVED
+CVE-2022-42383
+ RESERVED
+CVE-2022-42382
+ RESERVED
+CVE-2022-42381
+ RESERVED
+CVE-2022-42380
+ RESERVED
+CVE-2022-42379
+ RESERVED
+CVE-2022-42378
+ RESERVED
+CVE-2022-42377
+ RESERVED
+CVE-2022-42376
+ RESERVED
+CVE-2022-42375
+ RESERVED
+CVE-2022-42374
+ RESERVED
+CVE-2022-42373
+ RESERVED
+CVE-2022-42372
+ RESERVED
+CVE-2022-42371
+ RESERVED
+CVE-2022-42370
+ RESERVED
+CVE-2022-42369
+ RESERVED
+CVE-2022-42368
+ RESERVED
+CVE-2022-42367
+ RESERVED
+CVE-2022-42366
+ RESERVED
+CVE-2022-42365
+ RESERVED
+CVE-2022-42364
+ RESERVED
+CVE-2022-42363
+ RESERVED
+CVE-2022-42362
+ RESERVED
+CVE-2022-42361
+ RESERVED
+CVE-2022-42360
+ RESERVED
+CVE-2022-42359
+ RESERVED
+CVE-2022-42358
+ RESERVED
+CVE-2022-42357
+ RESERVED
+CVE-2022-42356
+ RESERVED
+CVE-2022-42355
+ RESERVED
+CVE-2022-42354
+ RESERVED
+CVE-2022-42353
+ RESERVED
+CVE-2022-42352
+ RESERVED
+CVE-2022-42351
+ RESERVED
+CVE-2022-42350
+ RESERVED
+CVE-2022-42349
+ RESERVED
+CVE-2022-42348
+ RESERVED
+CVE-2022-42347
+ RESERVED
+CVE-2022-42346
+ RESERVED
+CVE-2022-42345
+ RESERVED
+CVE-2022-42344
+ RESERVED
+CVE-2022-42343
+ RESERVED
+CVE-2022-42342
+ RESERVED
+CVE-2022-42341
+ RESERVED
+CVE-2022-42340
+ RESERVED
+CVE-2022-42339
+ RESERVED
+CVE-2022-42338
+ RESERVED
+CVE-2022-42337
+ RESERVED
+CVE-2022-42336
+ RESERVED
+CVE-2022-42335
+ RESERVED
+CVE-2022-42334
+ RESERVED
+CVE-2022-42333
+ RESERVED
+CVE-2022-42332
+ RESERVED
+CVE-2022-42331
+ RESERVED
+CVE-2022-42330
+ RESERVED
+CVE-2022-42329
+ RESERVED
+CVE-2022-42328
+ RESERVED
+CVE-2022-42327
+ RESERVED
+CVE-2022-42326
+ RESERVED
+CVE-2022-42325
+ RESERVED
+CVE-2022-42324
+ RESERVED
+CVE-2022-42323
+ RESERVED
+CVE-2022-42322
+ RESERVED
+CVE-2022-42321
+ RESERVED
+CVE-2022-42320
+ RESERVED
+CVE-2022-42319
+ RESERVED
+CVE-2022-42318
+ RESERVED
+CVE-2022-42317
+ RESERVED
+CVE-2022-42316
+ RESERVED
+CVE-2022-42315
+ RESERVED
+CVE-2022-42314
+ RESERVED
+CVE-2022-42313
+ RESERVED
+CVE-2022-42312
+ RESERVED
+CVE-2022-42311
+ RESERVED
+CVE-2022-42310
+ RESERVED
+CVE-2022-42309
+ RESERVED
+CVE-2022-42308 (An issue was discovered in Veritas NetBackup through 8.2 and related V ...)
+ TODO: check
+CVE-2022-42307 (An issue was discovered in Veritas NetBackup through 10.0.0.1 and rela ...)
+ TODO: check
+CVE-2022-42306 (An issue was discovered in Veritas NetBackup through 8.2 and related V ...)
+ TODO: check
+CVE-2022-42305 (An issue was discovered in Veritas NetBackup through 10.0.0.1 and rela ...)
+ TODO: check
+CVE-2022-42304 (An issue was discovered in Veritas NetBackup through 10.0 and related ...)
+ TODO: check
+CVE-2022-42303 (An issue was discovered in Veritas NetBackup through 10.0 and related ...)
+ TODO: check
+CVE-2022-42302 (An issue was discovered in Veritas NetBackup through 10.0 and related ...)
+ TODO: check
+CVE-2022-42301 (An issue was discovered in Veritas NetBackup through 10.0.0.1 and rela ...)
+ TODO: check
+CVE-2022-42300 (An issue was discovered in Veritas NetBackup through 10.0.0.1 and rela ...)
+ TODO: check
+CVE-2022-42299 (An issue was discovered in Veritas NetBackup through 10.0.0.1 and rela ...)
+ TODO: check
+CVE-2022-42298
+ RESERVED
+CVE-2022-42297
+ RESERVED
+CVE-2022-42296
+ RESERVED
+CVE-2022-42295
+ RESERVED
+CVE-2022-42294
+ RESERVED
+CVE-2022-42293
+ RESERVED
+CVE-2022-42292
+ RESERVED
+CVE-2022-42291
+ RESERVED
+CVE-2022-42290
+ RESERVED
+CVE-2022-42289
+ RESERVED
+CVE-2022-42288
+ RESERVED
+CVE-2022-42287
+ RESERVED
+CVE-2022-42286
+ RESERVED
+CVE-2022-42285
+ RESERVED
+CVE-2022-42284
+ RESERVED
+CVE-2022-42283
+ RESERVED
+CVE-2022-42282
+ RESERVED
+CVE-2022-42281
+ RESERVED
+CVE-2022-42280
+ RESERVED
+CVE-2022-42279
+ RESERVED
+CVE-2022-42278
+ RESERVED
+CVE-2022-42277
+ RESERVED
+CVE-2022-42276
+ RESERVED
+CVE-2022-42275
+ RESERVED
+CVE-2022-42274
+ RESERVED
+CVE-2022-42273
+ RESERVED
+CVE-2022-42272
+ RESERVED
+CVE-2022-42271
+ RESERVED
+CVE-2022-42270
+ RESERVED
+CVE-2022-42269
+ RESERVED
+CVE-2022-42268
+ RESERVED
+CVE-2022-42267
+ RESERVED
+CVE-2022-42266
+ RESERVED
+CVE-2022-42265
+ RESERVED
+CVE-2022-42264
+ RESERVED
+CVE-2022-42263
+ RESERVED
+CVE-2022-42262
+ RESERVED
+CVE-2022-42261
+ RESERVED
+CVE-2022-42260
+ RESERVED
+CVE-2022-42259
+ RESERVED
+CVE-2022-42258
+ RESERVED
+CVE-2022-42257
+ RESERVED
+CVE-2022-42256
+ RESERVED
+CVE-2022-42255
+ RESERVED
+CVE-2022-42254
+ RESERVED
+CVE-2022-42253
+ RESERVED
+CVE-2022-42252
+ RESERVED
+CVE-2022-3406
+ RESERVED
+CVE-2022-3405
+ RESERVED
+CVE-2022-3404
+ RESERVED
+CVE-2022-3403
+ RESERVED
+CVE-2022-3402
+ RESERVED
+CVE-2022-3401
+ RESERVED
+CVE-2022-3400
+ RESERVED
+CVE-2022-3399
+ RESERVED
+CVE-2022-3398
+ RESERVED
+CVE-2022-3397
+ RESERVED
+CVE-2022-3396
+ RESERVED
+CVE-2022-3395
+ RESERVED
+CVE-2022-3394
+ RESERVED
+CVE-2022-3393
+ RESERVED
+CVE-2022-3392
+ RESERVED
+CVE-2022-3391
+ RESERVED
CVE-2022-42251
RESERVED
CVE-2022-42250
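Review bot: CVE-2022-42299 through CVE-2022-42308 in this hunk are all Veritas NetBackup issues, and all ten are left at `TODO: check`. This file closes out vendor products that Debian does not ship with a `NOT-FOR-US:` line (for example `NOT-FOR-US: Autodesk`), so if NetBackup is not in the archive these can be resolved together as `NOT-FOR-US: Veritas NetBackup` instead of being triaged one at a time. The remaining additions are `RESERVED` placeholders and need no action yet.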
@@ -6,8 +402,8 @@ CVE-2022-42249
RESERVED
CVE-2022-42248
RESERVED
-CVE-2022-42247
- RESERVED
+CVE-2022-42247 (pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) ...)
+ TODO: check
CVE-2022-42246
RESERVED
CVE-2022-42245
@@ -1892,8 +2288,8 @@ CVE-2022-41445
RESERVED
CVE-2022-41444
RESERVED
-CVE-2022-41443
- RESERVED
+CVE-2022-41443 (phpipam v1.5.0 was discovered to contain a header injection vulnerabil ...)
+ TODO: check
CVE-2022-41442
RESERVED
CVE-2022-41441
@@ -1918,30 +2314,30 @@ CVE-2022-41432
RESERVED
CVE-2022-41431
RESERVED
-CVE-2022-41430
- RESERVED
-CVE-2022-41429
- RESERVED
-CVE-2022-41428
- RESERVED
-CVE-2022-41427
- RESERVED
-CVE-2022-41426
- RESERVED
-CVE-2022-41425
- RESERVED
-CVE-2022-41424
- RESERVED
-CVE-2022-41423
- RESERVED
+CVE-2022-41430 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
+ TODO: check
+CVE-2022-41429 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
+ TODO: check
+CVE-2022-41428 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
+ TODO: check
+CVE-2022-41427 (Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_A ...)
+ TODO: check
+CVE-2022-41426 (Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_ ...)
+ TODO: check
+CVE-2022-41425 (Bento4 v1.6.0-639 was discovered to contain a segmentation violation v ...)
+ TODO: check
+CVE-2022-41424 (Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_ ...)
+ TODO: check
+CVE-2022-41423 (Bento4 v1.6.0-639 was discovered to contain a segmentation violation i ...)
+ TODO: check
CVE-2022-41422
RESERVED
CVE-2022-41421
RESERVED
-CVE-2022-41420
- RESERVED
-CVE-2022-41419
- RESERVED
+CVE-2022-41420 (nasm v2.16 was discovered to contain a stack overflow in the Ndisasm c ...)
+ TODO: check
+CVE-2022-41419 (Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_ ...)
+ TODO: check
CVE-2022-41418
RESERVED
CVE-2022-41417
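Review bot: CVE-2022-41420 is the one entry in this hunk that is not Bento4. Its description names nasm v2.16 (Ndisasm), and nasm is packaged in Debian, so its `TODO: check` should end in a package line, in the form this file uses for CVE-2022-2764 (`- undertow <unfixed>`), rather than being handled in bulk with its neighbours. The nine Bento4 v1.6.0-639 entries (CVE-2022-41419 and CVE-2022-41423 through CVE-2022-41430) can share a single triage decision.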
@@ -2286,8 +2682,8 @@ CVE-2022-41303
RESERVED
CVE-2022-41302
RESERVED
-CVE-2022-41301
- RESERVED
+CVE-2022-41301 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
+ TODO: check
CVE-2022-41300
RESERVED
CVE-2022-41299
@@ -3143,8 +3539,8 @@ CVE-2022-40924 (Zoo Management System v1.0 has an arbitrary file upload vulnerab
NOT-FOR-US: Zoo Management System
CVE-2022-40923 (A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address fu ...)
NOT-FOR-US: LIEF
-CVE-2022-40922
- RESERVED
+CVE-2022-40922 (A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse funct ...)
+ TODO: check
CVE-2022-40921
RESERVED
CVE-2022-40920
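Review bot: CVE-2022-40922 is added with `TODO: check`, but the entry directly above it, CVE-2022-40923, is also a LIEF::MachO issue and is already marked `NOT-FOR-US: LIEF`. Give CVE-2022-40922 the same `NOT-FOR-US: LIEF` line so the two entries stay consistent.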
@@ -3460,8 +3856,8 @@ CVE-2022-40766 (Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-
NOT-FOR-US: Modern Campus Omni CMS (formerly OU Campus)
CVE-2022-40765
RESERVED
-CVE-2022-40764
- RESERVED
+CVE-2022-40764 (Snyk CLI before 1.996.0 allows arbitrary command execution, affecting ...)
+ TODO: check
CVE-2022-3236 (A code injection vulnerability in the User Portal and Webadmin allows ...)
NOT-FOR-US: Sophos
CVE-2022-40763
@@ -3588,8 +3984,8 @@ CVE-2022-40723
RESERVED
CVE-2022-40722
RESERVED
-CVE-2022-40721
- RESERVED
+CVE-2022-40721 (Arbitrary file upload vulnerability in php uploader ...)
+ TODO: check
CVE-2022-40720
RESERVED
CVE-2022-40719
@@ -5069,8 +5465,8 @@ CVE-2022-40125
RESERVED
CVE-2022-40124
RESERVED
-CVE-2022-40123
- RESERVED
+CVE-2022-40123 (mojoPortal v2.7 was discovered to contain a path traversal vulnerabili ...)
+ TODO: check
CVE-2022-40122 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
NOT-FOR-US: Online Banking System
CVE-2022-40121 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
@@ -5654,24 +6050,24 @@ CVE-2022-39844 (Improper validation of integrity check vulnerability in Smart Sw
NOT-FOR-US: Samsung
CVE-2022-3133 (OS Command Injection in GitHub repository jgraph/drawio prior to 20.3. ...)
NOT-FOR-US: jgraph/drawio
-CVE-2022-3132
- RESERVED
+CVE-2022-3132 (The Goolytics WordPress plugin before 1.1.2 does not sanitise and esca ...)
+ TODO: check
CVE-2022-3131
RESERVED
CVE-2022-3130 (A vulnerability classified as critical has been found in codeprojects ...)
NOT-FOR-US: codeprojects Online Driving School
CVE-2022-3129 (A vulnerability was found in codeprojects Online Driving School. It ha ...)
NOT-FOR-US: codeprojects Online Driving School
-CVE-2022-3128
- RESERVED
+CVE-2022-3128 (The Donation Thermometer WordPress plugin before 2.1.3 does not saniti ...)
+ TODO: check
CVE-2022-3127 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-3126
RESERVED
-CVE-2022-3125
- RESERVED
-CVE-2022-3124
- RESERVED
+CVE-2022-3125 (The Frontend File Manager Plugin WordPress plugin before 21.3 allows a ...)
+ TODO: check
+CVE-2022-3124 (The Frontend File Manager Plugin WordPress plugin before 21.3 allows a ...)
+ TODO: check
CVE-2022-3123 (Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain ...)
- dokuwiki <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/d72a979b-57db-4201-9500-66b49a5c1345/
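Review bot: CVE-2022-3132, CVE-2022-3128, CVE-2022-3125 and CVE-2022-3124 are all described as WordPress plugin issues yet are left at `TODO: check`. Other plugin entries in this file are closed with `NOT-FOR-US: WordPress plugin`, so these four can take the same line once it is confirmed that none of the plugins is packaged.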
@@ -8086,8 +8482,8 @@ CVE-2022-38819
RESERVED
CVE-2022-38818
RESERVED
-CVE-2022-38817
- RESERVED
+CVE-2022-38817 (Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Acces ...)
+ TODO: check
CVE-2022-38816
RESERVED
CVE-2022-38815
@@ -9682,7 +10078,7 @@ CVE-2022-2848
RESERVED
CVE-2022-2847 (A vulnerability, which was classified as critical, has been found in S ...)
NOT-FOR-US: SourceCodester Guest Management System
-CVE-2022-2846 (A vulnerability classified as problematic was found in Calendar Event ...)
+CVE-2022-2846 (The Calendar Event Multi View WordPress plugin before 1.4.07 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2845 (Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218. ...)
- vim 2:9.0.0229-1 (unimportant)
@@ -9699,8 +10095,8 @@ CVE-2022-2841 (A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42
NOT-FOR-US: CrowdStrike Falcon
CVE-2022-2840 (The Zephyr Project Manager WordPress plugin before 3.2.5 does not sani ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2839
- RESERVED
+CVE-2022-2839 (The Zephyr Project Manager WordPress plugin before 3.2.55 does not hav ...)
+ TODO: check
CVE-2022-2838 (In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Pars ...)
NOT-FOR-US: Eclipse Sphinx
CVE-2022-2837
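Review bot: CVE-2022-2839 is left at `TODO: check` although CVE-2022-2840, one entry above, covers the same Zephyr Project Manager plugin and is already `NOT-FOR-US: WordPress plugin`. Mark CVE-2022-2839 the same way.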
@@ -10296,8 +10692,8 @@ CVE-2022-2765 (A vulnerability was found in SourceCodester Company Website CMS 1
CVE-2022-2764 (A flaw was found in Undertow. Denial of service can be achieved as Und ...)
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2117506
-CVE-2022-2763
- RESERVED
+CVE-2022-2763 (The WP Socializer WordPress plugin before 7.3 does not sanitise and es ...)
+ TODO: check
CVE-2022-2762
RESERVED
CVE-2022-2761
@@ -12343,8 +12739,8 @@ CVE-2022-2630
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2629
RESERVED
-CVE-2022-2628
- RESERVED
+CVE-2022-2628 (The DSGVO All in one for WP WordPress plugin before 4.2 does not sanit ...)
+ TODO: check
CVE-2022-2627
RESERVED
CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp ...)
@@ -14286,8 +14682,8 @@ CVE-2022-36553 (Hytec Inter HWL-2511-SS v1.05 and below was discovered to contai
NOT-FOR-US: Hytec Inter HWL-2511-SS
CVE-2022-36552 (Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an is ...)
NOT-FOR-US: Tenda
-CVE-2022-36551
- RESERVED
+CVE-2022-36551 (A Server Side Request Forgery (SSRF) in the Data Import module in Hear ...)
+ TODO: check
CVE-2022-36550
RESERVED
CVE-2022-36549
@@ -16207,9 +16603,9 @@ CVE-2022-2407 (The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape
NOT-FOR-US: WordPress plugin
CVE-2022-2406 (The legacy Slack import feature in Mattermost version 6.7.0 and earlie ...)
- mattermost-server <itp> (bug #823556)
-CVE-2022-2405 (The WP Popup Builder WordPress plugin through 1.2.8 does not have auth ...)
+CVE-2022-2405 (The WP Popup Builder WordPress plugin before 1.2.9 does not have autho ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2404 (The WP Popup Builder WordPress plugin through 1.2.8 does not sanitise ...)
+CVE-2022-2404 (The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2403 (A credentials leak was found in the OpenShift Container Platform. The ...)
NOT-FOR-US: OpenShift
@@ -17872,7 +18268,7 @@ CVE-2022-2316 (HTML injection vulnerability in secure messages of Devolutions Se
NOT-FOR-US: Devolutions Server
CVE-2022-2315 (Database Software Accreditation Tracking/Presentation Module product b ...)
NOT-FOR-US: Database Software Accreditation Tracking/Presentation Module product
-CVE-2022-2314 (The VR Calendar WordPress plugin through 2.2.2 lets any user execute a ...)
+CVE-2022-2314 (The VR Calendar WordPress plugin through 2.3.2 lets any user execute a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2313 (A DLL hijacking vulnerability in the MA Smart Installer for Windows pr ...)
NOT-FOR-US: MA Smart Installer for Windows
@@ -21706,24 +22102,24 @@ CVE-2022-33903 (Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the we
NOTE: https://github.com/torproject/tor/commit/b0496d40197dd5b4fb7b694c1410082d4e34dda6 (tor-0.4.7.8)
CVE-2022-33891 (The Apache Spark UI offers the possibility to enable ACLs via the conf ...)
- apache-spark <itp> (bug #802194)
-CVE-2022-33890
- RESERVED
-CVE-2022-33889
- RESERVED
-CVE-2022-33888
- RESERVED
-CVE-2022-33887
- RESERVED
-CVE-2022-33886
- RESERVED
-CVE-2022-33885
- RESERVED
-CVE-2022-33884
- RESERVED
-CVE-2022-33883
- RESERVED
-CVE-2022-33882
- RESERVED
+CVE-2022-33890 (A maliciously crafted PCT or DWF file when consumed through DesignRevi ...)
+ TODO: check
+CVE-2022-33889 (A maliciously crafted GIF or JPEG files when parsed through Autodesk D ...)
+ TODO: check
+CVE-2022-33888 (A malicious crafted Dwg2Spd file when processed through Autodesk DWG a ...)
+ TODO: check
+CVE-2022-33887 (A maliciously crafted PDF file when parsed through Autodesk AutoCAD 20 ...)
+ TODO: check
+CVE-2022-33886 (A maliciously crafted MODEL and SLDPRT file can be used to write beyon ...)
+ TODO: check
+CVE-2022-33885 (A maliciously crafted X_B, CATIA, and PDF file when parsed through Aut ...)
+ TODO: check
+CVE-2022-33884 (Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 ...)
+ TODO: check
+CVE-2022-33883 (A malicious crafted file consumed through Moldflow Synergy, Moldflow A ...)
+ TODO: check
+CVE-2022-33882 (Under certain conditions, an attacker could create an unintended spher ...)
+ TODO: check
CVE-2022-33881 (Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 ...)
NOT-FOR-US: Autodesk
CVE-2022-33311 (Browse restriction bypass vulnerability in Address Book of Cybozu Offi ...)
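Review bot: the nine entries CVE-2022-33882 through CVE-2022-33890 are left at `TODO: check` while the adjacent CVE-2022-33881 is `NOT-FOR-US: Autodesk`. Most of the new descriptions name Autodesk products or DesignReview, but the truncated text for CVE-2022-33886, CVE-2022-33883 and CVE-2022-33882 does not show a product name within the visible part, so read the full descriptions for those three before applying `NOT-FOR-US: Autodesk` to the whole block.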
@@ -26005,8 +26401,8 @@ CVE-2022-32175
RESERVED
CVE-2022-32174
RESERVED
-CVE-2022-32173
- RESERVED
+CVE-2022-32173 (In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow ...)
+ TODO: check
CVE-2022-32172
RESERVED
CVE-2022-32171
@@ -33141,7 +33537,7 @@ CVE-2022-1481 (Use after free in Sharing in Google Chrome on Mac prior to 101.0.
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1480
- RESERVED
+ REJECTED
{DSA-5125-1}
- chromium 101.0.4951.41-1
[buster] - chromium <end-of-life> (see DSA 5046)
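Review bot: CVE-2022-1480 changes from `RESERVED` to `REJECTED` but keeps its `{DSA-5125-1}` cross-reference and the `- chromium 101.0.4951.41-1` fixed-version line. A rejected id that still carries advisory and package data will continue to show up as a tracked, fixed issue; check the rejection reason and, if the id was withdrawn as a duplicate, move the package annotations to the replacing CVE or add a `NOTE:` recording why they remain here.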
@@ -35640,7 +36036,7 @@ CVE-2022-28959 (Multiple cross-site scripting (XSS) vulnerabilities in the compo
NOTE: https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/
NOTE: https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4 (v4.0.0)
NOTE: https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf
-CVE-2022-28958 (D-Link DIR816L_FW206b01 was discovered to contain a remote code execut ...)
+CVE-2022-28958 (** DISPUTED ** D-Link DIR816L_FW206b01 was discovered to contain a rem ...)
NOT-FOR-US: D-Link
CVE-2022-28957
RESERVED
@@ -39777,7 +40173,7 @@ CVE-2022-27527 (A Memory Corruption vulnerability may lead to code execution thr
NOT-FOR-US: Autodesk
CVE-2022-27526 (A malicious crafted TGA file when consumed through DesignReview.exe ap ...)
NOT-FOR-US: Autodesk
-CVE-2022-27525 (A malicious crafted .dwf file when consumed through DesignReview.exe a ...)
+CVE-2022-27525 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
NOT-FOR-US: Autodesk
CVE-2022-27524 (An out-of-bounds read can be exploited in Autodesk TrueView 2022 may l ...)
NOT-FOR-US: Autodesk
@@ -77810,7 +78206,7 @@ CVE-2021-40169
RESERVED
CVE-2021-40168
RESERVED
-CVE-2021-40167 (A malicious crafted dwf file when consumed through DesignReview.exe ap ...)
+CVE-2021-40167 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
NOT-FOR-US: Autodesk
CVE-2021-40166
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6c778ad6eebfb2fbc27cb33126ff197e98ca1b4