[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 12 21:10:30 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0495cd19 by security tracker role at 2022-10-12T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2022-42896
+ RESERVED
+CVE-2022-42895
+ RESERVED
+CVE-2022-42894
+ RESERVED
+CVE-2022-42893
+ RESERVED
+CVE-2022-42892
+ RESERVED
+CVE-2022-42891
+ RESERVED
+CVE-2022-42890
+ RESERVED
+CVE-2022-3477
+ RESERVED
+CVE-2022-3476
+ RESERVED
+CVE-2022-3475
+ RESERVED
+CVE-2022-3474
+ RESERVED
+CVE-2022-3473
+ RESERVED
+CVE-2022-3472
+ RESERVED
+CVE-2022-3471
+ RESERVED
+CVE-2022-3470
+ RESERVED
+CVE-2022-3469
+ RESERVED
+CVE-2022-3468
+ RESERVED
+CVE-2022-3467 (A vulnerability classified as critical was found in Jiusi OA. Affected ...)
+ TODO: check
+CVE-2022-3466
+ RESERVED
+CVE-2022-3465 (A vulnerability classified as critical was found in Mediabridge Medial ...)
+ TODO: check
+CVE-2022-3464 (A vulnerability classified as problematic has been found in puppyCMS u ...)
+ TODO: check
+CVE-2022-3463
+ RESERVED
+CVE-2022-3462
+ RESERVED
CVE-2022-42889
RESERVED
CVE-2022-42878
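Review bot: the three new entries in this hunk that already carry a description (CVE-2022-3467 for Jiusi OA, CVE-2022-3465 for Mediabridge and CVE-2022-3464 for puppyCMS) are left at `TODO: check`, so this automatic update records triage work rather than completing it; for software that is not packaged in Debian the file's convention is a `NOT-FOR-US:` line (compare the Sourcecodester and ThinkPHP entries further down), but that decision needs a human to read the full CVE text first. The other added entries are bare `RESERVED` placeholders and need no action until their text is published.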
@@ -394,8 +440,8 @@ CVE-2022-42717 (An issue was discovered in Hashicorp Packer before 2.3.1. The re
NOT-FOR-US: Hashicorp Packer
CVE-2022-42716
RESERVED
-CVE-2022-42715
- RESERVED
+CVE-2022-42715 (A reflected XSS vulnerability exists in REDCap before 12.04.18 in the ...)
+ TODO: check
CVE-2022-42714
RESERVED
CVE-2022-42713
@@ -1760,10 +1806,10 @@ CVE-2022-42089
RESERVED
CVE-2022-42088
RESERVED
-CVE-2022-42087
- RESERVED
-CVE-2022-42086
- RESERVED
+CVE-2022-42087 (Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable t ...)
+ TODO: check
+CVE-2022-42086 (Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable t ...)
+ TODO: check
CVE-2022-42085
RESERVED
CVE-2022-42084
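Review bot: the two Tenda AX1803 entries (CVE-2022-42087 and CVE-2022-42086) have byte-identical truncated descriptions in this file, so nothing in the list distinguishes the two issues; whoever resolves the `TODO: check` lines has to consult the full CVE text rather than the description column, which is cut at a fixed width ("...") and loses the distinguishing detail.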
@@ -1772,16 +1818,16 @@ CVE-2022-42083
RESERVED
CVE-2022-42082
RESERVED
-CVE-2022-42081
- RESERVED
-CVE-2022-42080
- RESERVED
-CVE-2022-42079
- RESERVED
-CVE-2022-42078
- RESERVED
-CVE-2022-42077
- RESERVED
+CVE-2022-42081 (Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered t ...)
+ TODO: check
+CVE-2022-42080 (Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered t ...)
+ TODO: check
+CVE-2022-42079 (Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered t ...)
+ TODO: check
+CVE-2022-42078 (Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to ...)
+ TODO: check
+CVE-2022-42077 (Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to ...)
+ TODO: check
CVE-2022-42076
RESERVED
CVE-2022-42075 (Wedding Planner v1.0 is vulnerable to arbitrary code execution. ...)
@@ -3440,8 +3486,8 @@ CVE-2022-41405
CVE-2022-41404 (An issue in the fetch() method in the BasicProfile class of org.ini4j ...)
- ini4j 0.5.4-1
NOTE: https://sourceforge.net/p/ini4j/bugs/56/
-CVE-2022-41403
- RESERVED
+CVE-2022-41403 (OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL i ...)
+ TODO: check
CVE-2022-41402
RESERVED
CVE-2022-41401
@@ -3727,6 +3773,7 @@ CVE-2022-41322 (In Kitty before 0.26.2, insufficient validation in the desktop n
NOTE: https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f (v0.26.2)
CVE-2022-41318 [Buffer Over Read in SSPI and SMB Authentication]
RESERVED
+ {DLA-3151-1}
- squid 5.7-1 (bug #1020586)
- squid3 <removed>
NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/2
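Review bot: `{DLA-3151-1}` is added here for CVE-2022-41318 and again for CVE-2022-41317 in the next hunk while both entries still carry `RESERVED`; keeping `RESERVED` until the CVE text is published matches the file's convention, but since the two entries track separate bugs (#1020586 and #1020587) the DLA text should be checked to confirm it lists both CVE ids, and the `squid3 <removed>` line means the DLA must refer to the `squid` source package.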
@@ -3734,6 +3781,7 @@ CVE-2022-41318 [Buffer Over Read in SSPI and SMB Authentication]
NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch (5.7)
CVE-2022-41317 [Exposure of Sensitive Information in Cache Manager]
RESERVED
+ {DLA-3151-1}
- squid 5.7-1 (bug #1020587)
- squid3 <removed>
NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/1
@@ -4732,8 +4780,8 @@ CVE-2022-40873
RESERVED
CVE-2022-40872 (An SQL injection vulnerability issue was discovered in Sourcecodester ...)
NOT-FOR-US: Sourcecodester Simple E-Learning System
-CVE-2022-40871
- RESERVED
+CVE-2022-40871 (Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By ...)
+ TODO: check
CVE-2022-40870
RESERVED
CVE-2022-40869 (Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulner ...)
@@ -5241,8 +5289,7 @@ CVE-2022-40666
REJECTED
CVE-2022-40665
REJECTED
-CVE-2022-40664
- RESERVED
+CVE-2022-40664 (Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shi ...)
- shiro <unfixed> (bug #1021671)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/12/1
CVE-2022-40663 (This vulnerability allows remote attackers to execute arbitrary code o ...)
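Review bot: CVE-2022-40664 is the one entry in this update that is triaged directly (`shiro <unfixed>` with bug #1021671 and the oss-security reference) instead of being left at `TODO: check`; `<unfixed>` with an open bug is the right state, but the entry has no per-release annotation yet (the file uses `[buster] - ... <no-dsa>` style lines elsewhere, e.g. for u-boot), so the stable and LTS assessment for shiro is still outstanding.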
@@ -6557,6 +6604,7 @@ CVE-2022-3142 (The NEX-Forms WordPress plugin before 7.9.7 does not properly san
CVE-2022-3141 (The Translate Multilingual sites WordPress plugin before 2.3.3 is vuln ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3140 (LibreOffice supports Office URI Schemes to enable browser integration ...)
+ {DSA-5252-1}
- libreoffice 1:7.4.1~rc2-3
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-3140
CVE-2022-3139
@@ -13149,8 +13197,8 @@ CVE-2022-37616 (A prototype pollution vulnerability exists in the function copy
NOTE: Fixed by: https://github.com/xmldom/xmldom/commit/7c0d4b7fbf74079060a2f135a369adeeccaf4b18 (0.8.3)
CVE-2022-37615
RESERVED
-CVE-2022-37614
- RESERVED
+CVE-2022-37614 (Prototype pollution vulnerability in function enable in mockery.js in ...)
+ TODO: check
CVE-2022-37613
RESERVED
CVE-2022-37612
@@ -20746,8 +20794,8 @@ CVE-2022-33967 (squashfs filesystem implementation of U-Boot versions from v2020
[buster] - u-boot <no-dsa> (Minor issue)
NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/487467.html
NOTE: https://source.denx.de/u-boot/u-boot/-/commit/7f7fb9937c6cb49dd35153bd6708872b390b0a44 (v2022.07-rc6)
-CVE-2022-2249
- RESERVED
+CVE-2022-2249 (Privilege escalation related vulnerabilities were discovered in Avaya ...)
+ TODO: check
CVE-2022-2248
RESERVED
CVE-2022-2247
@@ -25000,8 +25048,8 @@ CVE-2022-33108 (XPDF v4.04 was discovered to contain a stack overflow vulnerabil
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2022-33107 (ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerabi ...)
NOT-FOR-US: ThinkPHP
-CVE-2022-33106
- RESERVED
+CVE-2022-33106 (WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate ...)
+ TODO: check
CVE-2022-33105 (Redis v7.0 was discovered to contain a memory leak via the component s ...)
- redis <not-affected> (No vulnerable version 7.x was uploaded to unstable)
NOTE: https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef (7.0.1)
@@ -37407,8 +37455,8 @@ CVE-2022-1286 (heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repo
NOTE: https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189/
CVE-2022-28888 (Spryker Commerce OS 1.4.2 allows Remote Command Execution. ...)
NOT-FOR-US: Spryker Commerce OS
-CVE-2022-28887
- RESERVED
+CVE-2022-28887 (Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Sec ...)
+ TODO: check
CVE-2022-28886 (A Denial-of-Service vulnerability was discovered in the F-Secure and W ...)
NOT-FOR-US: F-Secure
CVE-2022-28885 (A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd ...)
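Review bot: CVE-2022-28887 is added with `TODO: check` although its description names the same F-Secure product family as the two entries directly below it (CVE-2022-28886 and CVE-2022-28885), both already `NOT-FOR-US: F-Secure`; the follow-up triage can most likely use the same marker, but the full text has to be read first because the truncated description stops at "F-Sec ..." before naming the affected component.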
@@ -46643,18 +46691,18 @@ CVE-2022-25667
RESERVED
CVE-2022-25666
RESERVED
-CVE-2022-25665
- RESERVED
-CVE-2022-25664
- RESERVED
-CVE-2022-25663
- RESERVED
-CVE-2022-25662
- RESERVED
-CVE-2022-25661
- RESERVED
-CVE-2022-25660
- RESERVED
+CVE-2022-25665 (Information disclosure due to buffer over read in kernel in Snapdragon ...)
+ TODO: check
+CVE-2022-25664 (Information disclosure due to exposure of information while GPU reads ...)
+ TODO: check
+CVE-2022-25663 (Possible buffer overflow due to lack of buffer length check during man ...)
+ TODO: check
+CVE-2022-25662 (Information disclosure due to untrusted pointer dereference in kernel ...)
+ TODO: check
+CVE-2022-25661 (Memory corruption due to untrusted pointer dereference in kernel in Sn ...)
+ TODO: check
+CVE-2022-25660 (Memory corruption due to double free issue in kernel in Snapdragon Aut ...)
+ TODO: check
CVE-2022-25659 (Memory corruption due to buffer overflow while parsing MKV clips with ...)
NOT-FOR-US: Qualcomm
CVE-2022-25658 (Memory corruption due to incorrect pointer arithmetic when attempting ...)
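Review bot: the six new Snapdragon entries (CVE-2022-25665 down to CVE-2022-25660) sit directly above CVE-2022-25659, which is already `NOT-FOR-US: Qualcomm`, so the `TODO: check` lines will probably resolve the same way; the wording "in kernel" in several of the descriptions ("buffer over read in kernel", "double free issue in kernel") should nevertheless be checked against the full advisory to confirm it refers to Qualcomm's own kernel component and not to anything shipped in the Debian linux package before the marker is applied.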
@@ -49130,7 +49178,7 @@ CVE-2022-24838 (Nextcloud Calendar is a calendar application for the nextcloud f
CVE-2022-24837 (HedgeDoc is an open-source, web-based, self-hosted, collaborative mark ...)
NOT-FOR-US: HedgeDoc
CVE-2022-24836 (Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `&l ...)
- {DLA-3003-1}
+ {DLA-3149-1 DLA-3003-1}
- ruby-nokogiri 1.13.5+dfsg-1 (bug #1009787)
NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
NOTE: https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
@@ -59189,8 +59237,8 @@ CVE-2022-0032
RESERVED
CVE-2022-0031
RESERVED
-CVE-2022-0030
- RESERVED
+CVE-2022-0030 (An authentication bypass vulnerability in the Palo Alto Networks PAN-O ...)
+ TODO: check
CVE-2022-0029 (An improper link resolution vulnerability in the Palo Alto Networks Co ...)
NOT-FOR-US: Palo Alto Networks
CVE-2022-0028 (A PAN-OS URL filtering policy misconfiguration could allow a network-b ...)
@@ -60811,10 +60859,10 @@ CVE-2022-22080 (Improper validation of backend id in PCM routing process can lea
NOT-FOR-US: Snapdragon
CVE-2022-22079
RESERVED
-CVE-2022-22078
- RESERVED
-CVE-2022-22077
- RESERVED
+CVE-2022-22078 (Denial of service in BOOT when partition size for a particular partiti ...)
+ TODO: check
+CVE-2022-22077 (Memory corruption in graphics due to use-after-free in graphics dispat ...)
+ TODO: check
CVE-2022-22076
RESERVED
CVE-2022-22075
@@ -146521,7 +146569,7 @@ CVE-2020-26249 (Red Discord Bot Dashboard is an easy-to-use interactive web dash
CVE-2020-26248 (In the PrestaShop module "productcomments" before version 4.2.1, an at ...)
NOT-FOR-US: PrestaShop module
CVE-2020-26247 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...)
- {DLA-2678-1}
+ {DLA-3149-1 DLA-2678-1}
- ruby-nokogiri 1.11.1+dfsg-1 (low; bug #978967)
NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
NOTE: https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b (v1.11.0.rc4)
@@ -254408,7 +254456,7 @@ CVE-2019-5479 (An unintended require vulnerability in <v0.5.5 larvitbase-api
CVE-2019-5478 (A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ dev ...)
NOT-FOR-US: Encrypt Only boot mode in Zynq UltraScale+ devices
CVE-2019-5477 (A command injection vulnerability in Nokogiri v1.10.3 and earlier allo ...)
- {DLA-1933-1}
+ {DLA-3150-1 DLA-3149-1 DLA-1933-1}
- rexical 1.0.7-1 (bug #940905)
[stretch] - rexical <no-dsa> (Minor issue, can be fixed via point release)
- ruby-nokogiri 1.10.4+dfsg1-1 (bug #934802)
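Review bot: two DLA ids are prepended to CVE-2019-5477 (DLA-3150-1 and DLA-3149-1), which is expected because the entry tracks two source packages, rexical and ruby-nokogiri, so one DLA per package is consistent; the newest-first ordering matches the other nokogiri entries in this update (CVE-2022-24836 and CVE-2020-26247, which receive DLA-3149-1 alone), and the `[stretch] - rexical <no-dsa>` annotation is unaffected by the new DLAs and stays as it is.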
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0495cd196416fbd6a116c4a5f81e52601d6e9c0e