[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Oct 10 21:10:41 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f2f27bd by security tracker role at 2022-10-10T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2022-42735
+	RESERVED
+CVE-2022-42734
+	RESERVED
+CVE-2022-42733
+	RESERVED
+CVE-2022-42732
+	RESERVED
+CVE-2022-3444
+	RESERVED
+CVE-2022-3443
+	RESERVED
+CVE-2022-3442 (A vulnerability was found in Crealogix EBICS 7.0. It has been rated as ...)
+	TODO: check
+CVE-2022-3441
+	RESERVED
+CVE-2022-3440
+	RESERVED
+CVE-2022-3439
+	RESERVED
+CVE-2022-3438 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. ...)
+	TODO: check
 CVE-2022-42731
 	RESERVED
 CVE-2022-42730
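Review bot: CVE-2022-3442 and CVE-2022-3438 land with `TODO: check` and no package or NOT-FOR-US line, so both remain untriaged after this update. The visible descriptions name Crealogix EBICS 7.0 and the GitHub repository ikus060/rdiffweb; each needs a follow-up that either adds a `- <package> ...` line or marks it `NOT-FOR-US: ...`, in the form the neighbouring entries in this file use. The nine new `RESERVED` entries need no action until their descriptions are published.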
@@ -1548,17 +1570,17 @@ CVE-2022-42014
 CVE-2022-42013
 	RESERVED
 CVE-2022-42012 (An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x bef ...)
-	{DSA-5250-1}
+	{DSA-5250-1 DLA-3142-1}
 	- dbus 1.14.4-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1
 	NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/236f16e444e88a984cf12b09225e0f8efa6c5b44
 CVE-2022-42011 (An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x bef ...)
-	{DSA-5250-1}
+	{DSA-5250-1 DLA-3142-1}
 	- dbus 1.14.4-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1
 	NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/079bbf16186e87fb0157adf8951f19864bc2ed69
 CVE-2022-42010 (An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x bef ...)
-	{DSA-5250-1}
+	{DSA-5250-1 DLA-3142-1}
 	- dbus 1.14.4-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1
 	NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/9d07424e9011e3bbe535e83043d335f3093d2916
@@ -5023,7 +5045,7 @@ CVE-2022-40618
 	RESERVED
 CVE-2022-40617
 	RESERVED
-	{DSA-5249-1}
+	{DSA-5249-1 DLA-3143-1}
 	- strongswan 5.9.8-1 (bug #1021271)
 	NOTE: https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html
 	NOTE: Patch: https://download.strongswan.org/security/CVE-2022-40617/
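Review bot: CVE-2022-40617 still carries `RESERVED` on the line above the braces even though the entry already references DSA-5249-1, the new DLA-3143-1, a fixed strongswan version and a public upstream advisory. That is expected while the CVE description is unpublished, but it leaves the entry without summary text; check that the `RESERVED` line is replaced by a description once one is available and that the advisory references survive that change.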
@@ -7972,8 +7994,8 @@ CVE-2022-39294
 	RESERVED
 CVE-2022-39293
 	RESERVED
-CVE-2022-39292
-	RESERVED
+CVE-2022-39292 (Slack Morphism is a modern client library for Slack Web/Events API/Soc ...)
+	TODO: check
 CVE-2022-39291 (ZoneMinder is a free, open source Closed-circuit television software a ...)
 	- zoneminder <unfixed> (unimportant)
 	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74
@@ -17424,12 +17446,12 @@ CVE-2022-35848
 	RESERVED
 CVE-2022-35847 (An improper neutralization of special elements used in a template engi ...)
 	NOT-FOR-US: FortiGuard
-CVE-2022-35846
-	RESERVED
+CVE-2022-35846 (An improper restriction of excessive authentication attempts vulnerabi ...)
+	TODO: check
 CVE-2022-35845
 	RESERVED
-CVE-2022-35844
-	RESERVED
+CVE-2022-35844 (An improper neutralization of special elements used in an OS command v ...)
+	TODO: check
 CVE-2022-35843
 	RESERVED
 CVE-2022-35842
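Review bot: CVE-2022-35846 and CVE-2022-35844 move from `RESERVED` to `TODO: check`, and the truncated descriptions shown here (excessive authentication attempts, OS command injection) do not name the affected product. The adjacent CVE-2022-35847 is marked `NOT-FOR-US: FortiGuard`; do not carry that classification over by proximity, read the full descriptions first and then set the NOT-FOR-US or package line.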
@@ -22958,12 +22980,12 @@ CVE-2022-33876
 	RESERVED
 CVE-2022-33875
 	RESERVED
-CVE-2022-33874
-	RESERVED
-CVE-2022-33873
-	RESERVED
-CVE-2022-33872
-	RESERVED
+CVE-2022-33874 (An improper neutralization of special elements used in an OS Command ( ...)
+	TODO: check
+CVE-2022-33873 (An improper neutralization of special elements used in an OS Command ( ...)
+	TODO: check
+CVE-2022-33872 (An improper neutralization of special elements used in an OS Command ( ...)
+	TODO: check
 CVE-2022-33871
 	RESERVED
 CVE-2022-33870
@@ -26629,7 +26651,7 @@ CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the Altra
 CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-l ...)
 	NOT-FOR-US: Zimbra
 CVE-2022-32293 (In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HT ...)
-	{DSA-5231-1 DLA-3105-1}
+	{DSA-5231-1 DLA-3144-1 DLA-3105-1}
 	- connman 1.41-2 (bug #1016976)
 	NOTE: https://lore.kernel.org/connman/20220801080043.4861-1-wagi@monom.org/
 	NOTE: https://lore.kernel.org/connman/20220801080043.4861-3-wagi@monom.org/
@@ -36508,8 +36530,8 @@ CVE-2022-29057 (A improper neutralization of input during web page generation ('
 	NOT-FOR-US: Fortinet
 CVE-2022-29056
 	RESERVED
-CVE-2022-29055
-	RESERVED
+CVE-2022-29055 (A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7 ...)
+	TODO: check
 CVE-2022-29054
 	RESERVED
 CVE-2022-29053 (A missing cryptographic steps vulnerability [CWE-325] in the functions ...)
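Review bot: the new description for CVE-2022-29055 names Fortinet FortiOS, yet the entry is left at `TODO: check`. CVE-2022-29057 in the same hunk is already marked `NOT-FOR-US: Fortinet`; the same marking looks appropriate here once the full description confirms that no Debian package is affected.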
@@ -45135,8 +45157,8 @@ CVE-2022-26125 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0
 	NOTE: https://github.com/FRRouting/frr/issues/10507
 CVE-2022-26122
 	RESERVED
-CVE-2022-26121
-	RESERVED
+CVE-2022-26121 (An exposure of resource to wrong sphere vulnerability [CWE-668] in For ...)
+	TODO: check
 CVE-2022-26120 (Multiple improper neutralization of special elements used in an SQL Co ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-26119
@@ -55212,20 +55234,20 @@ CVE-2022-23100 (OX App Suite through 7.10.6 allows OS Command Injection via Docu
 CVE-2022-23099 (OX App Suite through 7.10.6 allows XSS by forcing block-wise read. ...)
 	NOT-FOR-US: OX App Suite
 CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40. The  ...)
-	{DSA-5231-1 DLA-2915-1}
+	{DSA-5231-1 DLA-3144-1 DLA-2915-1}
 	- connman 1.36-2.4 (bug #1004935)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
 	NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
 	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4
 	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c34313a196515c80fe78a2862ad78174b985be5
 CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40. forw ...)
-	{DSA-5231-1 DLA-2915-1}
+	{DSA-5231-1 DLA-3144-1 DLA-2915-1}
 	- connman 1.36-2.4 (bug #1004935)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
 	NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
 	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950
 CVE-2022-23096 (An issue was discovered in the DNS proxy in Connman through 1.40. The  ...)
-	{DSA-5231-1 DLA-2915-1}
+	{DSA-5231-1 DLA-3144-1 DLA-2915-1}
 	- connman 1.36-2.4 (bug #1004935)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
 	NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
@@ -64932,8 +64954,8 @@ CVE-2021-44173
 	RESERVED
 CVE-2021-44172
 	RESERVED
-CVE-2021-44171
-	RESERVED
+CVE-2021-44171 (A improper neutralization of special elements used in an os command (' ...)
+	TODO: check
 CVE-2021-44170 (A stack-based buffer overflow vulnerability [CWE-121] in the command l ...)
 	NOT-FOR-US: Fortinet
 CVE-2021-44169 (A improper initialization in Fortinet FortiClient (Windows) version 6. ...)
@@ -216976,7 +216998,7 @@ CVE-2019-17671 (In WordPress before 5.2.4, unauthenticated viewing of certain co
 	NOTE: https://core.trac.wordpress.org/changeset/46474
 	NOTE: https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
 CVE-2019-17670 (WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ...)
-	{DLA-2371-1 DLA-1980-1}
+	{DLA-3141-1 DLA-2371-1 DLA-1980-1}
 	- wordpress 5.2.4+dfsg1-1 (bug #942459)
 	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 	NOTE: https://core.trac.wordpress.org/changeset/46472



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f2f27bd0cff43e9ace602f55e13ea60128a4fbc
