[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 12 09:10:25 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c8178658 by security tracker role at 2022-10-12T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2022-42889
+ RESERVED
+CVE-2022-42878
+ RESERVED
+CVE-2022-42877
+ RESERVED
+CVE-2022-42876
+ RESERVED
+CVE-2022-42875
+ RESERVED
+CVE-2022-42874
+ RESERVED
+CVE-2022-42873
+ RESERVED
+CVE-2022-42872
+ RESERVED
+CVE-2022-42871
+ RESERVED
+CVE-2022-42870
+ RESERVED
+CVE-2022-42869
+ RESERVED
+CVE-2022-42868
+ RESERVED
+CVE-2022-42487
+ RESERVED
+CVE-2022-42480
+ RESERVED
+CVE-2022-41997
+ RESERVED
+CVE-2022-41984
+ RESERVED
+CVE-2022-41982
+ RESERVED
+CVE-2022-41784
+ RESERVED
+CVE-2022-41693
+ RESERVED
+CVE-2022-41687
+ RESERVED
+CVE-2022-40221
+ RESERVED
+CVE-2022-3461
+ RESERVED
+CVE-2022-3460
+ RESERVED
+CVE-2022-3459
+ RESERVED
+CVE-2022-3458 (A vulnerability has been found in SourceCodester Human Resource Manage ...)
+ TODO: check
CVE-2022-42867
RESERVED
CVE-2022-42866
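Review bot: the only non-RESERVED addition in this hunk, CVE-2022-3458 (SourceCodester Human Resource Manage...), is left at "TODO: check" although the tracker's existing convention for this vendor is to resolve such entries directly to NOT-FOR-US (compare "NOT-FOR-US: SourceCodester Simple Student Information System" further down); suggest closing the TODO with "NOT-FOR-US: SourceCodester Human Resource Management System" once the full description confirms the product name, rather than leaving it in the triage queue.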
@@ -340,8 +390,8 @@ CVE-2022-42719
RESERVED
CVE-2022-42718
RESERVED
-CVE-2022-42717
- RESERVED
+CVE-2022-42717 (An issue was discovered in Hashicorp Packer before 2.3.1. The recommen ...)
+ TODO: check
CVE-2022-42716
RESERVED
CVE-2022-42715
@@ -352,8 +402,8 @@ CVE-2022-42713
RESERVED
CVE-2022-42712
RESERVED
-CVE-2022-42711
- RESERVED
+CVE-2022-42711 (In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application ...)
+ TODO: check
CVE-2022-42710
RESERVED
CVE-2022-42709
@@ -1796,24 +1846,24 @@ CVE-2022-42046
RESERVED
CVE-2022-42045
RESERVED
-CVE-2022-42044
- RESERVED
-CVE-2022-42043
- RESERVED
-CVE-2022-42042
- RESERVED
-CVE-2022-42041
- RESERVED
-CVE-2022-42040
- RESERVED
-CVE-2022-42039
- RESERVED
-CVE-2022-42038
- RESERVED
-CVE-2022-42037
- RESERVED
-CVE-2022-42036
- RESERVED
+CVE-2022-42044 (The d8s-asns package for Python, as distributed on PyPI, included a po ...)
+ TODO: check
+CVE-2022-42043 (The d8s-xml package for Python, as distributed on PyPI, included a pot ...)
+ TODO: check
+CVE-2022-42042 (The d8s-networking package for Python, as distributed on PyPI, include ...)
+ TODO: check
+CVE-2022-42041 (The d8s-file-system package for Python, as distributed on PyPI, includ ...)
+ TODO: check
+CVE-2022-42040 (The d8s-algorithms package for Python, as distributed on PyPI, include ...)
+ TODO: check
+CVE-2022-42039 (The d8s-lists package for Python, as distributed on PyPI, included a p ...)
+ TODO: check
+CVE-2022-42038 (The d8s-ip-addresses package for Python, as distributed on PyPI, inclu ...)
+ TODO: check
+CVE-2022-42037 (The d8s-asns package for Python, as distributed on PyPI, included a po ...)
+ TODO: check
+CVE-2022-42036 (The d8s-urls package for Python, as distributed on PyPI, included a po ...)
+ TODO: check
CVE-2022-42035
RESERVED
CVE-2022-42034 (Wedding Planner v1.0 is vulnerable to arbitrary code execution via use ...)
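Review bot: CVE-2022-42044 and CVE-2022-42037 both read "The d8s-asns package for Python, as distributed on PyPI, included a po ..." in this hunk, so the truncated descriptions do not show what distinguishes the two assignments; before resolving these nine d8s-* "TODO: check" lines as a batch, fetch the untruncated text for those two and confirm they are not a duplicate assignment (or record which of them, if either, maps to a Debian source package).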
@@ -2442,7 +2492,7 @@ CVE-2022-41768
RESERVED
CVE-2022-41767 [mediawiki: reassignEdits doesn't update results in an IP range check on Special:Contributions]
RESERVED
- {DSA-5246-1}
+ {DSA-5246-1 DLA-3148-1}
- mediawiki 1:1.35.8-1
NOTE: https://phabricator.wikimedia.org/T316304
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/836891
@@ -2454,7 +2504,7 @@ CVE-2022-41766 [mediawiki: On action=rollback the message "alreadyrolled" can le
NOTE: https://phabricator.wikimedia.org/T307278
CVE-2022-41765 [mediawiki: HTMLUserTextField exposes existence of hidden users]
RESERVED
- {DSA-5246-1}
+ {DSA-5246-1 DLA-3148-1}
- mediawiki 1:1.35.8-1
NOTE: https://phabricator.wikimedia.org/T309894
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/836892
@@ -2731,8 +2781,8 @@ CVE-2022-41609
RESERVED
CVE-2022-41608
RESERVED
-CVE-2022-41606
- RESERVED
+CVE-2022-41606 (HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 job ...)
+ TODO: check
CVE-2022-41605
RESERVED
CVE-2022-41604 (Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows lo ...)
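Review bot: CVE-2022-41606 names a concrete affected range ("Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5"), so the "TODO: check" here should not be closed by analogy with the HashiCorp Vault entry further down ("NOT-FOR-US: HashiCorp Vault"); check for a nomad source package in the archive first, and if one exists record whether its version falls inside that range and add the upstream advisory as a NOTE.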
@@ -3088,8 +3138,8 @@ CVE-2022-41552
RESERVED
CVE-2022-41551
RESERVED
-CVE-2022-41550
- RESERVED
+CVE-2022-41550 (GNU oSIP v5.3.0 was discovered to contain an integer overflow via the ...)
+ TODO: check
CVE-2022-41549
RESERVED
CVE-2022-41548
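Review bot: CVE-2022-41550 describes an integer overflow in GNU oSIP v5.3.0, and the truncation hides whether a fixed upstream release exists; when resolving this "TODO: check", look for the oSIP library's Debian source package and record the fixed version or a <no-dsa>/<unfixed> marker together with the upstream bug reference, rather than dropping to NOT-FOR-US on the assumption that a SIP library is not packaged.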
@@ -3124,12 +3174,12 @@ CVE-2022-41534
RESERVED
CVE-2022-41533
RESERVED
-CVE-2022-41532
- RESERVED
+CVE-2022-41532 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
+ TODO: check
CVE-2022-41531
RESERVED
-CVE-2022-41530
- RESERVED
+CVE-2022-41530 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
+ TODO: check
CVE-2022-41529
RESERVED
CVE-2022-41528 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...)
@@ -3374,16 +3424,16 @@ CVE-2022-41410
RESERVED
CVE-2022-41409
RESERVED
-CVE-2022-41408
- RESERVED
-CVE-2022-41407
- RESERVED
-CVE-2022-41406
- RESERVED
+CVE-2022-41408 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...)
+ TODO: check
+CVE-2022-41407 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...)
+ TODO: check
+CVE-2022-41406 (An arbitrary file upload vulnerability in the /admin/admin_pic.php com ...)
+ TODO: check
CVE-2022-41405
RESERVED
-CVE-2022-41404
- RESERVED
+CVE-2022-41404 (An issue in the fetch() method in the BasicProfile class of org.ini4j ...)
+ TODO: check
CVE-2022-41403
RESERVED
CVE-2022-41402
@@ -3416,22 +3466,22 @@ CVE-2022-41389
RESERVED
CVE-2022-41388
RESERVED
-CVE-2022-41387
- RESERVED
-CVE-2022-41386
- RESERVED
-CVE-2022-41385
- RESERVED
-CVE-2022-41384
- RESERVED
-CVE-2022-41383
- RESERVED
-CVE-2022-41382
- RESERVED
-CVE-2022-41381
- RESERVED
-CVE-2022-41380
- RESERVED
+CVE-2022-41387 (The d8s-pdfs package for Python, as distributed on PyPI, included a po ...)
+ TODO: check
+CVE-2022-41386 (The d8s-utility package for Python, as distributed on PyPI, included a ...)
+ TODO: check
+CVE-2022-41385 (The d8s-html package for Python, as distributed on PyPI, included a po ...)
+ TODO: check
+CVE-2022-41384 (The d8s-domains package for Python, as distributed on PyPI, included a ...)
+ TODO: check
+CVE-2022-41383 (The d8s-archives package for Python, as distributed on PyPI, included ...)
+ TODO: check
+CVE-2022-41382 (The d8s-json package for Python, as distributed on PyPI, included a po ...)
+ TODO: check
+CVE-2022-41381 (The d8s-utility package for Python, as distributed on PyPI, included a ...)
+ TODO: check
+CVE-2022-41380 (The d8s-yaml package for Python, as distributed on PyPI, included a po ...)
+ TODO: check
CVE-2022-41379 (An arbitrary file upload vulnerability in the component /leave_system/ ...)
NOT-FOR-US: Online Leave Management System
CVE-2022-41378 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...)
@@ -3919,96 +3969,96 @@ CVE-2022-41212
RESERVED
CVE-2022-41211
RESERVED
-CVE-2022-41210
- RESERVED
-CVE-2022-41209
- RESERVED
+CVE-2022-41210 (SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, ...)
+ TODO: check
+CVE-2022-41209 (SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, ...)
+ TODO: check
CVE-2022-41208
RESERVED
CVE-2022-41207
RESERVED
-CVE-2022-41206
- RESERVED
+CVE-2022-41206 (SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) ...)
+ TODO: check
CVE-2022-41205
RESERVED
-CVE-2022-41204
- RESERVED
+CVE-2022-41204 (An attacker can change the content of an SAP Commerce - versions 1905, ...)
+ TODO: check
CVE-2022-41203
RESERVED
-CVE-2022-41202
- RESERVED
-CVE-2022-41201
- RESERVED
-CVE-2022-41200
- RESERVED
-CVE-2022-41199
- RESERVED
-CVE-2022-41198
- RESERVED
-CVE-2022-41197
- RESERVED
-CVE-2022-41196
- RESERVED
-CVE-2022-41195
- RESERVED
-CVE-2022-41194
- RESERVED
-CVE-2022-41193
- RESERVED
-CVE-2022-41192
- RESERVED
-CVE-2022-41191
- RESERVED
-CVE-2022-41190
- RESERVED
-CVE-2022-41189
- RESERVED
-CVE-2022-41188
- RESERVED
-CVE-2022-41187
- RESERVED
-CVE-2022-41186
- RESERVED
-CVE-2022-41185
- RESERVED
-CVE-2022-41184
- RESERVED
-CVE-2022-41183
- RESERVED
-CVE-2022-41182
- RESERVED
-CVE-2022-41181
- RESERVED
-CVE-2022-41180
- RESERVED
-CVE-2022-41179
- RESERVED
-CVE-2022-41178
- RESERVED
-CVE-2022-41177
- RESERVED
-CVE-2022-41176
- RESERVED
-CVE-2022-41175
- RESERVED
-CVE-2022-41174
- RESERVED
-CVE-2022-41173
- RESERVED
-CVE-2022-41172
- RESERVED
-CVE-2022-41171
- RESERVED
-CVE-2022-41170
- RESERVED
-CVE-2022-41169
- RESERVED
-CVE-2022-41168
- RESERVED
-CVE-2022-41167
- RESERVED
-CVE-2022-41166
- RESERVED
+CVE-2022-41202 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41201 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41200 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41199 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41198 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41197 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41196 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41195 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41194 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41193 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41192 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ TODO: check
+CVE-2022-41191 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41190 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41189 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41188 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ TODO: check
+CVE-2022-41187 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41186 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ TODO: check
+CVE-2022-41185 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41184 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41183 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ TODO: check
+CVE-2022-41182 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ TODO: check
+CVE-2022-41181 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ TODO: check
+CVE-2022-41180 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41179 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41178 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ TODO: check
+CVE-2022-41177 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41176 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ TODO: check
+CVE-2022-41175 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41174 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ TODO: check
+CVE-2022-41173 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ TODO: check
+CVE-2022-41172 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41171 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ TODO: check
+CVE-2022-41170 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41169 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ TODO: check
+CVE-2022-41168 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41167 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-41166 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ TODO: check
CVE-2022-41165
RESERVED
CVE-2022-41164
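Review bot: the thirty-seven entries CVE-2022-41202 through CVE-2022-41166 share the identical stem "Due to lack of proper memory management, when a victim opens a manipul ..." and, together with the SAP Customer Data Cloud, BusinessObjects and Commerce lines above them, belong to the SAP October bulletin; the surrounding convention in this file is "NOT-FOR-US: SAP" (see the CVE-2022-39801 and CVE-2022-39799 lines later in the patch), so these can be resolved as one batch instead of forty individual "TODO: check" lines, after spot-checking one untruncated description to confirm the product is the SAP 3D Visual Enterprise viewer and not a library Debian ships.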
@@ -4571,8 +4621,8 @@ CVE-2022-40923 (A vulnerability in the LIEF::MachO::SegmentCommand::virtual_addr
NOT-FOR-US: LIEF
CVE-2022-40922 (A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse funct ...)
NOT-FOR-US: LIEF
-CVE-2022-40921
- RESERVED
+CVE-2022-40921 (DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vul ...)
+ TODO: check
CVE-2022-40920
RESERVED
CVE-2022-40919
@@ -4859,8 +4909,8 @@ CVE-2022-40779
RESERVED
CVE-2022-40778 (A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefend ...)
NOT-FOR-US: OPSWAT MetaDefender ICAP Server
-CVE-2022-40777
- RESERVED
+CVE-2022-40777 (Interspire Email Marketer through 6.5.0 allows arbitrary file upload v ...)
+ TODO: check
CVE-2022-40776
RESERVED
CVE-2022-40775 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...)
@@ -5687,9 +5737,9 @@ CVE-2022-40471
RESERVED
CVE-2022-40470
RESERVED
-CVE-2022-40469
- RESERVED
-CVE-2022-40468 (Tinyproxy commit 84f203f and earlier does not process HTTP request lin ...)
+CVE-2022-40469 (iKuai8 v3.6.7 was discovered to contain an authenticated remote code e ...)
+ TODO: check
+CVE-2022-40468 (Potential leak of left-over heap data if custom error page templates c ...)
- tinyproxy 1.11.1-2 (bug #1021015)
[bullseye] - tinyproxy <no-dsa> (Minor issue)
NOTE: https://github.com/tinyproxy/tinyproxy/issues/457
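Review bot: the description of CVE-2022-40468 has been rewritten from "Tinyproxy commit 84f203f and earlier does not process HTTP request lin ..." to "Potential leak of left-over heap data if custom error page templates c ...", but the triage lines beneath it (tinyproxy 1.11.1-2, bug #1021015, "[bullseye] - tinyproxy <no-dsa> (Minor issue)") were written against the old wording; re-check that the fix in 1.11.1-2 and the issue at tinyproxy/tinyproxy#457 actually cover the heap-data leak now described, and keep the no-dsa rationale only if the bullseye version is affected by that leak.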
@@ -5748,8 +5798,8 @@ CVE-2022-40442
RESERVED
CVE-2022-40441
RESERVED
-CVE-2022-40440
- RESERVED
+CVE-2022-40440 (mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) ...)
+ TODO: check
CVE-2022-40439 (An memory leak issue was discovered in AP4_StdcFileByteStream::Create ...)
NOT-FOR-US: Bento4
CVE-2022-40438 (Buffer overflow vulnerability in function AP4_MemoryByteStream::WriteP ...)
@@ -6262,8 +6312,8 @@ CVE-2022-38098
RESERVED
CVE-2022-38095 (Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-38086
- RESERVED
+CVE-2022-38086 (Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate ...)
+ TODO: check
CVE-2022-38085 (Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam p ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38077
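Review bot: CVE-2022-38086 ("Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate ...") sits between CVE-2022-38095 and CVE-2022-38085, both CSRF entries already resolved as "NOT-FOR-US: WordPress plugin"; the truncation cuts the product off, so confirm from the full record that Shortcodes Ultimate is a WordPress plugin and then close the "TODO: check" the same way.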
@@ -6493,8 +6543,7 @@ CVE-2022-3142 (The NEX-Forms WordPress plugin before 7.9.7 does not properly san
NOT-FOR-US: WordPress plugin
CVE-2022-3141 (The Translate Multilingual sites WordPress plugin before 2.3.3 is vuln ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3140 [libreoffice: Macro URL arbitrary script execution]
- RESERVED
+CVE-2022-3140 (LibreOffice supports Office URI Schemes to enable browser integration ...)
- libreoffice 1:7.4.1~rc2-3
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-3140
CVE-2022-3139
@@ -7219,24 +7268,24 @@ CVE-2022-3119 (The OAuth client Single Sign On WordPress plugin before 3.0.4 doe
NOT-FOR-US: WordPress plugin
CVE-2022-3118 (A vulnerability was found in Sourcecodehero ERP System Project. It has ...)
NOT-FOR-US: Sourcecodehero ERP System Project
-CVE-2022-39808
- RESERVED
-CVE-2022-39807
- RESERVED
-CVE-2022-39806
- RESERVED
-CVE-2022-39805
- RESERVED
-CVE-2022-39804
- RESERVED
-CVE-2022-39803
- RESERVED
-CVE-2022-39802
- RESERVED
+CVE-2022-39808 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-39807 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ TODO: check
+CVE-2022-39806 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-39805 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-39804 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-39803 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ TODO: check
+CVE-2022-39802 (SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an att ...)
+ TODO: check
CVE-2022-39801 (SAP GRC Access control Emergency Access Management allows an authentic ...)
NOT-FOR-US: SAP
-CVE-2022-39800
- RESERVED
+CVE-2022-39800 (SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible t ...)
+ TODO: check
CVE-2022-39799 (An attacker with no prior authentication could craft and send maliciou ...)
NOT-FOR-US: SAP
CVE-2022-3117
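Review bot: CVE-2022-39802 and CVE-2022-39800 name SAP Manufacturing Execution and SAP BusinessObjects BI LaunchPad explicitly, and CVE-2022-39808 through CVE-2022-39803 carry the same "Due to lack of proper memory management" stem as the 41xxx block earlier in this patch; the context lines CVE-2022-39801 and CVE-2022-39799 in this very hunk are already "NOT-FOR-US: SAP", so the eight new "TODO: check" lines can be closed consistently with them.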
@@ -9145,12 +9194,12 @@ CVE-2022-3034
[bullseye] - thunderbird <not-affected> (Only affects ESR102)
[buster] - thunderbird <not-affected> (Only affects ESR102)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3034
-CVE-2022-39015
- RESERVED
+CVE-2022-39015 (Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker t ...)
+ TODO: check
CVE-2022-39014 (Under certain conditions SAP BusinessObjects Business Intelligence Pla ...)
NOT-FOR-US: SAP
-CVE-2022-39013
- RESERVED
+CVE-2022-39013 (Under certain conditions an authenticated attacker can get access to O ...)
+ TODO: check
CVE-2022-39012
RESERVED
CVE-2022-39011
@@ -9615,8 +9664,8 @@ CVE-2022-38453 (Multiple binary application files on the CMS8000 device are comp
NOT-FOR-US: Contec Health
CVE-2022-38399 (Missing protection mechanism for alternate hardware interface in SmaCa ...)
NOT-FOR-US: SmaCam
-CVE-2022-38138
- RESERVED
+CVE-2022-38138 (The Triangle Microworks IEC 61850 Library (Any client or server using ...)
+ TODO: check
CVE-2022-38100 (The CMS800 device fails while attempting to parse malformed network da ...)
NOT-FOR-US: Contec Health
CVE-2022-38069 (Multiple globally default credentials exist across all CMS8000 devices ...)
@@ -12500,8 +12549,8 @@ CVE-2022-2722 (A vulnerability was found in SourceCodester Simple Student Inform
NOT-FOR-US: SourceCodester Simple Student Information System
CVE-2022-2721
RESERVED
-CVE-2022-2720
- RESERVED
+CVE-2022-2720 (In affected versions of Octopus Server it was identified that when a s ...)
+ TODO: check
CVE-2021-46833
RESERVED
CVE-2021-46832
@@ -13072,8 +13121,8 @@ CVE-2022-37619
RESERVED
CVE-2022-37618
RESERVED
-CVE-2022-37617
- RESERVED
+CVE-2022-37617 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
+ TODO: check
CVE-2022-37616 (A prototype pollution vulnerability exists in the function copy in dom ...)
- node-xmldom <unfixed> (bug #1021618)
NOTE: https://github.com/xmldom/xmldom/issues/436
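Review bot: CVE-2022-37617 is a prototype pollution issue in the resolveShims function of resolve-... (name truncated), directly above CVE-2022-37616, which was triaged to a Debian node package ("- node-xmldom <unfixed> (bug #1021618)"); before closing this "TODO: check" as NOT-FOR-US, check whether the npm package in question is shipped as a node-* source package and, if so, file a bug and record it the same way.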
@@ -13088,8 +13137,8 @@ CVE-2022-37613
RESERVED
CVE-2022-37612
RESERVED
-CVE-2022-37611
- RESERVED
+CVE-2022-37611 (Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the pa ...)
+ TODO: check
CVE-2022-37610
RESERVED
CVE-2022-37609 (Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 v ...)
@@ -19153,14 +19202,14 @@ CVE-2022-2341 (The Simple Page Transition WordPress plugin through 1.4.1 does no
NOT-FOR-US: WordPress plugin
CVE-2022-2340 (The W-DALIL WordPress plugin through 2.0 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-35299
- RESERVED
+CVE-2022-35299 (SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an ...)
+ TODO: check
CVE-2022-35298 (SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not suffici ...)
NOT-FOR-US: SAP
-CVE-2022-35297
- RESERVED
-CVE-2022-35296
- RESERVED
+CVE-2022-35297 (The application SAP Enable Now does not sufficiently encode user-contr ...)
+ TODO: check
+CVE-2022-35296 (Under certain conditions, the application SAP BusinessObjects Business ...)
+ TODO: check
CVE-2022-35295 (In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files ...)
NOT-FOR-US: SAP
CVE-2022-35294 (An attacker with basic business user privileges could craft and upload ...)
@@ -19345,8 +19394,8 @@ CVE-2022-35228 (SAP BusinessObjects CMC allows an unauthenticated attacker to re
NOT-FOR-US: SAP
CVE-2022-35227 (A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, ...)
NOT-FOR-US: SAP
-CVE-2022-35226
- RESERVED
+CVE-2022-35226 (SAP Data Services Management allows an attacker to copy the data from ...)
+ TODO: check
CVE-2022-35225 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
NOT-FOR-US: SAP
CVE-2022-35224 (SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7 ...)
@@ -28931,8 +28980,8 @@ CVE-2022-31684
RESERVED
CVE-2022-31683
RESERVED
-CVE-2022-31682
- RESERVED
+CVE-2022-31682 (VMware Aria Operations contains an arbitrary file read vulnerability. ...)
+ TODO: check
CVE-2022-31681 (VMware ESXi contains a null-pointer deference vulnerability. A malicio ...)
TODO: check
CVE-2022-31680 (The vCenter Server contains an unsafe deserialisation vulnerability in ...)
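Review bot: CVE-2022-31682 (VMware Aria Operations, arbitrary file read) joins CVE-2022-31681 (ESXi), which the context lines show is still at "TODO: check" as well; these VMware bulletin entries should be triaged together and resolved with a single NOT-FOR-US marker naming the product, so that the queue does not keep one VMware entry open after the other is closed.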
@@ -37379,8 +37428,8 @@ CVE-2022-28868 (An Address bar spoofing vulnerability was discovered in Safe Bro
NOT-FOR-US: F-Secure
CVE-2022-28867
RESERVED
-CVE-2022-28866
- RESERVED
+CVE-2022-28866 (Multiple Improper Access Control was discovered in Nokia AirFrame BMC ...)
+ TODO: check
CVE-2022-28865
RESERVED
CVE-2022-28864
@@ -65854,7 +65903,7 @@ CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a po
NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17)
CVE-2021-43998 (HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 temp ...)
NOT-FOR-US: HashiCorp Vault
-CVE-2021-43997 (Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU p ...)
+CVE-2021-43997 (FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code ...)
NOT-FOR-US: Amazon FreeRTOS
CVE-2021-43996 (The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Lar ...)
NOT-FOR-US: Laravel Ignition component
@@ -72392,38 +72441,38 @@ CVE-2022-20442
RESERVED
CVE-2022-20441
RESERVED
-CVE-2022-20440
- RESERVED
-CVE-2022-20439
- RESERVED
-CVE-2022-20438
- RESERVED
-CVE-2022-20437
- RESERVED
-CVE-2022-20436
- RESERVED
-CVE-2022-20435
- RESERVED
-CVE-2022-20434
- RESERVED
-CVE-2022-20433
- RESERVED
-CVE-2022-20432
- RESERVED
-CVE-2022-20431
- RESERVED
-CVE-2022-20430
- RESERVED
-CVE-2022-20429
- RESERVED
+CVE-2022-20440 (In Messaging, There has unauthorized broadcast, this could cause Local ...)
+ TODO: check
+CVE-2022-20439 (In Messaging, There has unauthorized provider, this could cause Local ...)
+ TODO: check
+CVE-2022-20438 (In Messaging, There has unauthorized broadcast, this could cause Local ...)
+ TODO: check
+CVE-2022-20437 (In Messaging, There has unauthorized broadcast, this could cause Local ...)
+ TODO: check
+CVE-2022-20436 (There is an unauthorized service in the system service. Since the comp ...)
+ TODO: check
+CVE-2022-20435 (There is a Unauthorized service in the system service, may cause the s ...)
+ TODO: check
+CVE-2022-20434 (There is an missing authorization issue in the system service. Since t ...)
+ TODO: check
+CVE-2022-20433 (There is an missing authorization issue in the system service. Since t ...)
+ TODO: check
+CVE-2022-20432 (There is an missing authorization issue in the system service. Since t ...)
+ TODO: check
+CVE-2022-20431 (There is an missing authorization issue in the system service. Since t ...)
+ TODO: check
+CVE-2022-20430 (There is an missing authorization issue in the system service. Since t ...)
+ TODO: check
+CVE-2022-20429 (In CarSettings of app packages, there is a possible permission bypass ...)
+ TODO: check
CVE-2022-20428
RESERVED
CVE-2022-20427
RESERVED
CVE-2022-20426
RESERVED
-CVE-2022-20425
- RESERVED
+CVE-2022-20425 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...)
+ TODO: check
CVE-2022-20424
RESERVED
- linux 5.14.6-1
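Review bot: the thirteen new descriptions in this hunk (Messaging broadcasts/providers, "system service", CarSettings, ZenModeHelper.java) are Android framework and app issues of the kind resolved as "NOT-FOR-US: Android" elsewhere in this file, but the context line for CVE-2022-20424 immediately below ("- linux 5.14.6-1") shows that entries from the same bulletin can be kernel CVEs; when batch-closing these, keep the kernel-versus-framework distinction and do not apply NOT-FOR-US to any entry whose description points at a kernel source file.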
@@ -72431,50 +72480,46 @@ CVE-2022-20424
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
NOTE: Duplicate of CVE-2022-1786.
-CVE-2022-20423
- RESERVED
+CVE-2022-20423 (In rndis_set_response of rndis.c, there is a possible out of bounds wr ...)
- linux 5.16.18-1
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
NOTE: https://git.kernel.org/linus/65f3324f4b6fed78b8761c3b74615ecf0ffa81fa (5.17)
-CVE-2022-20422
- RESERVED
+CVE-2022-20422 (In emulation_proc_handler of armv8_deprecated.c, there is a possible w ...)
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
[buster] - linux 4.19.260-1
NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
NOTE: https://git.kernel.org/linus/af483947d472eccb79e42059276c4deed76f99a6 (6.0-rc1)
-CVE-2022-20421
- RESERVED
+CVE-2022-20421 (In binder_inc_ref_for_node of binder.c, there is a possible way to cor ...)
- linux 5.19.11-1
[buster] - linux 4.19.260-1
NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
NOTE: https://git.kernel.org/linus/a0e44c64b6061dda7e00b7c458e4523e2331b739 (6.0-rc4)
-CVE-2022-20420
- RESERVED
-CVE-2022-20419
- RESERVED
-CVE-2022-20418
- RESERVED
-CVE-2022-20417
- RESERVED
-CVE-2022-20416
- RESERVED
-CVE-2022-20415
- RESERVED
+CVE-2022-20420 (In getBackgroundRestrictionExemptionReason of AppRestrictionController ...)
+ TODO: check
+CVE-2022-20419 (In setOptions of ActivityRecord.java, there is a possible load any arb ...)
+ TODO: check
+CVE-2022-20418 (In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bound ...)
+ TODO: check
+CVE-2022-20417 (In audioTransportsToHal of HidlUtils.cpp, there is a possible out of b ...)
+ TODO: check
+CVE-2022-20416 (In audioTransportsToHal of HidlUtils.cpp, there is a possible out of b ...)
+ TODO: check
+CVE-2022-20415 (In handleFullScreenIntent of StatusBarNotificationActivityStarter.java ...)
+ TODO: check
CVE-2022-20414
RESERVED
-CVE-2022-20413
- RESERVED
-CVE-2022-20412
- RESERVED
+CVE-2022-20413 (In start of Threads.cpp, there is a possible way to record audio durin ...)
+ TODO: check
+CVE-2022-20412 (In fdt_next_tag of fdt.c, there is a possible out of bounds read due t ...)
+ TODO: check
CVE-2022-20411
RESERVED
-CVE-2022-20410
- RESERVED
-CVE-2022-20409 [io_uring: Use original task for req identity in io_identity_cow()]
- RESERVED
+CVE-2022-20410 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible o ...)
+ TODO: check
+CVE-2022-20409 (In io_identity_cow of io_uring.c, there is a possible way to corrupt m ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.136-1
[buster] - linux <not-affected> (Vulnerable code not present)
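Review bot: CVE-2022-20412 ("In fdt_next_tag of fdt.c, there is a possible out of bounds read ...") is left at "TODO: check" alongside the Android framework entries, but fdt.c/fdt_next_tag is libfdt code, which is shipped outside Android as well; before marking it NOT-FOR-US, confirm whether the bug is in Android's copy only or in upstream libfdt as packaged in Debian. Separately, CVE-2022-20421 gains "- linux 5.19.11-1" and "[buster] - linux 4.19.260-1" but no [bullseye] line, whereas CVE-2022-20423 and CVE-2022-20422 from the same bulletin do; confirm that bullseye is intentionally still open rather than an omitted 5.10.x fix.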
@@ -72508,8 +72553,8 @@ CVE-2022-20396 (In SettingsActivity.java, there is a possible way to make a devi
NOT-FOR-US: Android
CVE-2022-20395 (In checkAccess of MediaProvider.java, there is a possible file deletio ...)
NOT-FOR-US: Android
-CVE-2022-20394
- RESERVED
+CVE-2022-20394 (In getInputMethodWindowVisibleHeight of InputMethodManagerService.java ...)
+ TODO: check
CVE-2022-20393 (In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a p ...)
NOT-FOR-US: Android
CVE-2022-20392 (In declareDuplicatePermission of ParsedPermissionUtils.java, there is ...)
@@ -72599,8 +72644,8 @@ CVE-2022-20353 (In onSaveRingtone of DefaultRingtonePreference.java, there is a
NOT-FOR-US: Android
CVE-2022-20352 (In addProviderRequestListener of LocationManagerService.java, there is ...)
NOT-FOR-US: Android
-CVE-2022-20351
- RESERVED
+CVE-2022-20351 (In queryInternal of CallLogProvider.java, there is a possible access t ...)
+ TODO: check
CVE-2022-20350 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...)
NOT-FOR-US: Android
CVE-2022-20349 (In WifiScanningPreferenceController and BluetoothScanningPreferenceCon ...)
@@ -87595,8 +87640,8 @@ CVE-2021-36917 (WordPress Hide My WP plugin (versions <= 6.2.3) can be deacti
NOT-FOR-US: WordPress plugin
CVE-2021-36916 (The SQL injection vulnerability in the Hide My WP WordPress plugin (ve ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36915
- RESERVED
+CVE-2021-36915 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile ...)
+ TODO: check
CVE-2021-36914 (Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected C ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36913 (Unauthenticated Options Change and Content Injection vulnerability in ...)
@@ -89283,8 +89328,8 @@ CVE-2021-36203 (The affected product may allow an attacker to identify and forge
NOT-FOR-US: Johnson Controls
CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls M ...)
NOT-FOR-US: Johnson Controls Metasys
-CVE-2021-36201
- RESERVED
+CVE-2021-36201 (Under certain circumstances a C•CURE Portal user could enumerate ...)
+ TODO: check
CVE-2021-36200 (Under certain circumstances an unauthenticated user could access the t ...)
NOT-FOR-US: Johnson Controls
CVE-2021-36199 (Running a vulnerability scanner against VideoEdge NVRs can cause some ...)
@@ -139291,8 +139336,8 @@ CVE-2021-0953 (In setOnClickActivityIntent of SearchWidgetProvider.java, there i
NOT-FOR-US: Android
CVE-2021-0952 (In doCropPhoto of PhotoSelectionHandler.java, there is a possible perm ...)
NOT-FOR-US: Android
-CVE-2021-0951
- RESERVED
+CVE-2021-0951 (In DevmemIntHeapAcquire of TBD, there is a possible arbitrary code exe ...)
+ TODO: check
CVE-2021-0950
RESERVED
CVE-2021-0949
@@ -139833,8 +139878,8 @@ CVE-2021-0698 (In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of ke
NOT-FOR-US: Android
CVE-2021-0697 (In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible use ...)
NOT-FOR-US: Android
-CVE-2021-0696
- RESERVED
+CVE-2021-0696 (In dllist_remove_node of TBD, there is a possible use after free bug d ...)
+ TODO: check
CVE-2021-0695 (In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds re ...)
- linux <not-affected> (Android-specific xt_qtaguid code)
NOTE: https://source.android.com/security/bulletin/2021-09-01
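Review bot: CVE-2021-0696 ("In dllist_remove_node of TBD, there is a possible use after free ...") carries the placeholder "TBD" instead of a source file, and the adjacent PVRSRV* entries CVE-2021-0698 and CVE-2021-0697 are resolved as "NOT-FOR-US: Android" while CVE-2021-0695 below is a linux entry marked not-affected; the missing filename means the description alone cannot say which component is affected, so resolve this "TODO: check" only after the bulletin identifies the GPU driver, not by pattern-matching the neighbours.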
@@ -174448,12 +174493,12 @@ CVE-2020-14133
RESERVED
CVE-2020-14132
RESERVED
-CVE-2020-14131
- RESERVED
+CVE-2020-14131 (The Xiaomi Security Center expresses heartfelt thanks to ADLab of Venu ...)
+ TODO: check
CVE-2020-14130 (Some js interfaces in the Xiaomi community were exposed, causing sensi ...)
NOT-FOR-US: Xiaomi
-CVE-2020-14129
- RESERVED
+CVE-2020-14129 (A logic vulnerability exists in a Xiaomi product. The vulnerability is ...)
+ TODO: check
CVE-2020-14128
RESERVED
CVE-2020-14127 (A denial of service vulnerability exists in some Xiaomi models of phon ...)
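Review bot: the new description for CVE-2020-14131 ("The Xiaomi Security Center expresses heartfelt thanks to ADLab of Venu ...") is an acknowledgement, not a vulnerability description, so nothing visible here supports a triage decision; pull the full record before resolving the "TODO: check", and if the rest of the text still describes no component, note that explicitly rather than copying the "NOT-FOR-US: Xiaomi" marker from CVE-2020-14130 and CVE-2020-14127.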
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8178658102d3a3a17f037db561949ec7cc553f0