[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 7 09:10:46 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9dc26baf by security tracker role at 2022-10-07T08:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2022-42468
+	RESERVED
+CVE-2022-42467
+	RESERVED
+CVE-2022-42466
+	RESERVED
+CVE-2022-42458
+	RESERVED
+CVE-2022-42001
+	RESERVED
+CVE-2022-42000
+	RESERVED
+CVE-2022-41986
+	RESERVED
+CVE-2022-41814
+	RESERVED
+CVE-2022-41796
+	RESERVED
+CVE-2022-41789
+	RESERVED
+CVE-2022-41611
+	RESERVED
+CVE-2022-3418
+	RESERVED
+CVE-2022-3417
+	RESERVED
+CVE-2022-3416
+	RESERVED
+CVE-2022-3415
+	RESERVED
+CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
+	TODO: check
+CVE-2022-3413
+	RESERVED
+CVE-2022-3412
+	RESERVED
+CVE-2022-3411
+	RESERVED
+CVE-2022-3410
+	RESERVED
+CVE-2022-3409
+	RESERVED
+CVE-2022-3408
+	RESERVED
+CVE-2022-3407
+	RESERVED
 CVE-2022-42457 (Generex CS141 before 2.08 allows remote command execution by administr ...)
 	NOT-FOR-US: Generex CS141
 CVE-2022-42456
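Review bot: CVE-2022-3414 is the only entry in this hunk that needs manual follow-up, and it is left at "TODO: check" even though its description already names the product (SourceCodester Web-Based Student Clearanc ...). If nothing in Debian ships that product, resolve it with a NOT-FOR-US: line in the same form as the Generex CS141 entry in the context just below. The RESERVED entries around it need no action.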
@@ -1722,8 +1768,7 @@ CVE-2022-41674
 	RESERVED
 CVE-2022-41673
 	RESERVED
-CVE-2022-41672
-	RESERVED
+CVE-2022-41672 (In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn' ...)
 	- airflow <itp> (bug #819700)
 CVE-2022-41671
 	RESERVED
@@ -4683,8 +4728,8 @@ CVE-2022-40496
 	RESERVED
 CVE-2022-40495
 	RESERVED
-CVE-2022-40494
-	RESERVED
+CVE-2022-40494 (NPS before v0.26.10 was discovered to contain an authentication bypass ...)
+	TODO: check
 CVE-2022-40493
 	RESERVED
 CVE-2022-40492
@@ -7349,8 +7394,8 @@ CVE-2022-39286
 	RESERVED
 CVE-2022-39285
 	RESERVED
-CVE-2022-39284
-	RESERVED
+CVE-2022-39284 (CodeIgniter is a PHP full-stack web framework. In versions prior to 4. ...)
+	TODO: check
 CVE-2022-39283
 	RESERVED
 CVE-2022-39282
@@ -7359,8 +7404,8 @@ CVE-2022-39281
 	RESERVED
 CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in versions bef ...)
 	TODO: check
-CVE-2022-39279
-	RESERVED
+CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board which adds  ...)
+	TODO: check
 CVE-2022-39278
 	RESERVED
 CVE-2022-39277
@@ -9262,16 +9307,14 @@ CVE-2022-2931
 	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2930 (Unverified Password Change in GitHub repository octoprint/octoprint pr ...)
 	- octoprint <itp> (bug #718591)
-CVE-2022-2929 [DHCP memory leak]
-	RESERVED
+CVE-2022-2929 (In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1  ...)
 	{DSA-5251-1}
 	- isc-dhcp <unfixed> (bug #1021320)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1
 	NOTE: https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/
 	NOTE: https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/
 	NOTE: https://kb.isc.org/docs/cve-2022-2929
-CVE-2022-2928 [An option refcount overflow exists in dhcpd]
-	RESERVED
+CVE-2022-2928 (In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P ...)
 	{DSA-5251-1}
 	- isc-dhcp <unfixed> (bug #1021320)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1
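Review bot: In the CVE-2022-2929 and CVE-2022-2928 entries the package line still reads "- isc-dhcp <unfixed> (bug #1021320)" although both entries carry {DSA-5251-1} and the NOTE lines under CVE-2022-2929 point at the upstream 4.4.3-P1 and 4.1-ESV-R16-P2 patches. Replace <unfixed> with the fixed version once the upload closing #1021320 exists, so the tracker does not keep reporting unstable as vulnerable. Replacing the bracketed placeholder titles with the published descriptions and dropping RESERVED is fine.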
@@ -39594,8 +39637,8 @@ CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS command injection via she
 	NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/merge_requests/13
 	NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/9209bce8afaf6fde19cdac7f5eaea1b744c3e79e (0.8.5)
 	NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/afea0e722f1d14eaf14bf0e5ebb444d3271ff1ef (0.8.5)
-CVE-2022-27810
-	RESERVED
+CVE-2022-27810 (It was possible to trigger an infinite recursion condition in the erro ...)
+	TODO: check
 CVE-2022-27809
 	RESERVED
 CVE-2022-27802 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
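Review bot: The new description for CVE-2022-27810 is cut off before it names any product ("It was possible to trigger an infinite recursion condition in the erro ..."), so the "TODO: check" line cannot be resolved from the list entry alone. Whoever triages it needs the full CVE text to identify the affected software before adding either a package line or a NOT-FOR-US: line.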
@@ -44038,12 +44081,12 @@ CVE-2022-26240 (The default privileges for the running service Normand Message B
 	NOT-FOR-US: Beckman Coulter Remisol Advance
 CVE-2022-26239 (The default privileges for the running service Normand License Manager ...)
 	NOT-FOR-US: Beckman Coulter Remisol Advance
-CVE-2022-26238
-	RESERVED
+CVE-2022-26238 (The default privileges for the running service Normand Service Manager ...)
+	TODO: check
 CVE-2022-26237 (The default privileges for the running service Normand Viewer Service  ...)
 	NOT-FOR-US: Beckman Coulter Remisol Advance
-CVE-2022-26236
-	RESERVED
+CVE-2022-26236 (The default privileges for the running service Normand Remisol Advance ...)
+	TODO: check
 CVE-2022-26235 (A vulnerability was discovered in the Remisol Advance v2.0.12.1 and be ...)
 	NOT-FOR-US: Beckman Coulter Remisol Advance
 CVE-2022-26234
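Review bot: CVE-2022-26238 and CVE-2022-26236 are set to "TODO: check" while every neighbouring entry with the same description pattern ("The default privileges for the running service Normand ...": CVE-2022-26240, CVE-2022-26239, CVE-2022-26237) and CVE-2022-26235 is already marked "NOT-FOR-US: Beckman Coulter Remisol Advance". The two new descriptions name Normand Service Manager and Normand Remisol Advance, so they look like the same product; after confirming against the full CVE text, use the identical NOT-FOR-US: line so the block stays consistent.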



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dc26baf0165e2dd1e06072182422f1674867716
