[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 10 21:10:41 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7f2f27bd by security tracker role at 2022-10-10T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2022-42735
+ RESERVED
+CVE-2022-42734
+ RESERVED
+CVE-2022-42733
+ RESERVED
+CVE-2022-42732
+ RESERVED
+CVE-2022-3444
+ RESERVED
+CVE-2022-3443
+ RESERVED
+CVE-2022-3442 (A vulnerability was found in Crealogix EBICS 7.0. It has been rated as ...)
+ TODO: check
+CVE-2022-3441
+ RESERVED
+CVE-2022-3440
+ RESERVED
+CVE-2022-3439
+ RESERVED
+CVE-2022-3438 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. ...)
+ TODO: check
CVE-2022-42731
RESERVED
CVE-2022-42730
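Review bot: The two entries in this hunk that arrive with descriptions, CVE-2022-3442 (Crealogix EBICS 7.0) and CVE-2022-3438 (ikus060/rdiffweb), are left at `TODO: check`, so both still need manual triage. For each one, either record the affected source package on a `- package version` line or, if the software is not in the archive, replace the TODO with a `NOT-FOR-US:` line as other entries in this file do.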
@@ -1548,17 +1570,17 @@ CVE-2022-42014
CVE-2022-42013
RESERVED
CVE-2022-42012 (An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x bef ...)
- {DSA-5250-1}
+ {DSA-5250-1 DLA-3142-1}
- dbus 1.14.4-1
NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1
NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/236f16e444e88a984cf12b09225e0f8efa6c5b44
CVE-2022-42011 (An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x bef ...)
- {DSA-5250-1}
+ {DSA-5250-1 DLA-3142-1}
- dbus 1.14.4-1
NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1
NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/079bbf16186e87fb0157adf8951f19864bc2ed69
CVE-2022-42010 (An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x bef ...)
- {DSA-5250-1}
+ {DSA-5250-1 DLA-3142-1}
- dbus 1.14.4-1
NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1
NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/9d07424e9011e3bbe535e83043d335f3093d2916
@@ -5023,7 +5045,7 @@ CVE-2022-40618
RESERVED
CVE-2022-40617
RESERVED
- {DSA-5249-1}
+ {DSA-5249-1 DLA-3143-1}
- strongswan 5.9.8-1 (bug #1021271)
NOTE: https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html
NOTE: Patch: https://download.strongswan.org/security/CVE-2022-40617/
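Review bot: CVE-2022-40617 now carries `{DSA-5249-1 DLA-3143-1}`, a fixed strongswan version and a bug number, yet the line above the cross-reference still reads `RESERVED`, so the entry has no description. The NOTE lines already link a published upstream advisory, so it is worth confirming that a later sync fills the description in rather than leaving it empty.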
@@ -7972,8 +7994,8 @@ CVE-2022-39294
RESERVED
CVE-2022-39293
RESERVED
-CVE-2022-39292
- RESERVED
+CVE-2022-39292 (Slack Morphism is a modern client library for Slack Web/Events API/Soc ...)
+ TODO: check
CVE-2022-39291 (ZoneMinder is a free, open source Closed-circuit television software a ...)
- zoneminder <unfixed> (unimportant)
NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74
@@ -17424,12 +17446,12 @@ CVE-2022-35848
RESERVED
CVE-2022-35847 (An improper neutralization of special elements used in a template engi ...)
NOT-FOR-US: FortiGuard
-CVE-2022-35846
- RESERVED
+CVE-2022-35846 (An improper restriction of excessive authentication attempts vulnerabi ...)
+ TODO: check
CVE-2022-35845
RESERVED
-CVE-2022-35844
- RESERVED
+CVE-2022-35844 (An improper neutralization of special elements used in an OS command v ...)
+ TODO: check
CVE-2022-35843
RESERVED
CVE-2022-35842
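Review bot: CVE-2022-35846 and CVE-2022-35844 move from RESERVED to `TODO: check`, and the truncated descriptions do not show which vendor or product is affected. The neighbouring CVE-2022-35847 is tagged `NOT-FOR-US: FortiGuard` while other entries in this file use `NOT-FOR-US: Fortinet`; if these two turn out to belong to the same vendor, pick one spelling when resolving the TODO so the entries can be searched consistently.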
@@ -22958,12 +22980,12 @@ CVE-2022-33876
RESERVED
CVE-2022-33875
RESERVED
-CVE-2022-33874
- RESERVED
-CVE-2022-33873
- RESERVED
-CVE-2022-33872
- RESERVED
+CVE-2022-33874 (An improper neutralization of special elements used in an OS Command ( ...)
+ TODO: check
+CVE-2022-33873 (An improper neutralization of special elements used in an OS Command ( ...)
+ TODO: check
+CVE-2022-33872 (An improper neutralization of special elements used in an OS Command ( ...)
+ TODO: check
CVE-2022-33871
RESERVED
CVE-2022-33870
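Review bot: CVE-2022-33874, CVE-2022-33873 and CVE-2022-33872 receive identical truncated descriptions, so the three `TODO: check` entries cannot be told apart or attributed to a product from this list alone. Triage will need the full CVE text for each, and the resolution should be recorded per entry rather than assumed to be the same for all three.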
@@ -26629,7 +26651,7 @@ CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the Altra
CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-l ...)
NOT-FOR-US: Zimbra
CVE-2022-32293 (In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HT ...)
- {DSA-5231-1 DLA-3105-1}
+ {DSA-5231-1 DLA-3144-1 DLA-3105-1}
- connman 1.41-2 (bug #1016976)
NOTE: https://lore.kernel.org/connman/20220801080043.4861-1-wagi@monom.org/
NOTE: https://lore.kernel.org/connman/20220801080043.4861-3-wagi@monom.org/
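Review bot: On the cross-reference line for CVE-2022-32293, `DLA-3144-1` is added next to the existing `DLA-3105-1`, so the entry now lists two LTS advisories for the same connman issue without saying why. If DLA-3144-1 is a follow-up to the earlier update, a short NOTE line saying so would help anyone reading the entry.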
@@ -36508,8 +36530,8 @@ CVE-2022-29057 (A improper neutralization of input during web page generation ('
NOT-FOR-US: Fortinet
CVE-2022-29056
RESERVED
-CVE-2022-29055
- RESERVED
+CVE-2022-29055 (A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7 ...)
+ TODO: check
CVE-2022-29054
RESERVED
CVE-2022-29053 (A missing cryptographic steps vulnerability [CWE-325] in the functions ...)
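Review bot: The new description for CVE-2022-29055 names Fortinet FortiOS, but the entry is left at `TODO: check`. The first context line of this hunk already uses `NOT-FOR-US: Fortinet` for the preceding entry, so this TODO can likely be resolved the same way.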
@@ -45135,8 +45157,8 @@ CVE-2022-26125 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0
NOTE: https://github.com/FRRouting/frr/issues/10507
CVE-2022-26122
RESERVED
-CVE-2022-26121
- RESERVED
+CVE-2022-26121 (An exposure of resource to wrong sphere vulnerability [CWE-668] in For ...)
+ TODO: check
CVE-2022-26120 (Multiple improper neutralization of special elements used in an SQL Co ...)
NOT-FOR-US: Fortinet
CVE-2022-26119
@@ -55212,20 +55234,20 @@ CVE-2022-23100 (OX App Suite through 7.10.6 allows OS Command Injection via Docu
CVE-2022-23099 (OX App Suite through 7.10.6 allows XSS by forcing block-wise read. ...)
NOT-FOR-US: OX App Suite
CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
- {DSA-5231-1 DLA-2915-1}
+ {DSA-5231-1 DLA-3144-1 DLA-2915-1}
- connman 1.36-2.4 (bug #1004935)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c34313a196515c80fe78a2862ad78174b985be5
CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40. forw ...)
- {DSA-5231-1 DLA-2915-1}
+ {DSA-5231-1 DLA-3144-1 DLA-2915-1}
- connman 1.36-2.4 (bug #1004935)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950
CVE-2022-23096 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
- {DSA-5231-1 DLA-2915-1}
+ {DSA-5231-1 DLA-3144-1 DLA-2915-1}
- connman 1.36-2.4 (bug #1004935)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
@@ -64932,8 +64954,8 @@ CVE-2021-44173
RESERVED
CVE-2021-44172
RESERVED
-CVE-2021-44171
- RESERVED
+CVE-2021-44171 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
CVE-2021-44170 (A stack-based buffer overflow vulnerability [CWE-121] in the command l ...)
NOT-FOR-US: Fortinet
CVE-2021-44169 (A improper initialization in Fortinet FortiClient (Windows) version 6. ...)
@@ -216976,7 +216998,7 @@ CVE-2019-17671 (In WordPress before 5.2.4, unauthenticated viewing of certain co
NOTE: https://core.trac.wordpress.org/changeset/46474
NOTE: https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
CVE-2019-17670 (WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ...)
- {DLA-2371-1 DLA-1980-1}
+ {DLA-3141-1 DLA-2371-1 DLA-1980-1}
- wordpress 5.2.4+dfsg1-1 (bug #942459)
NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
NOTE: https://core.trac.wordpress.org/changeset/46472
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f2f27bd0cff43e9ace602f55e13ea60128a4fbc