[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 13 09:10:25 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
123fdc15 by security tracker role at 2022-10-13T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,26 @@
-CVE-2022-42906
+CVE-2022-42907
+ RESERVED
+CVE-2022-42905
+ RESERVED
+CVE-2022-42904
+ RESERVED
+CVE-2022-42903
+ RESERVED
+CVE-2022-42902 (In Linaro Automated Validation Architecture (LAVA) before 2022.10, the ...)
+ TODO: check
+CVE-2022-42901 (Bentley MicroStation and MicroStation-based applications may be affect ...)
+ TODO: check
+CVE-2022-42900 (Bentley MicroStation and MicroStation-based applications may be affect ...)
+ TODO: check
+CVE-2022-42899 (Bentley MicroStation and MicroStation-based applications may be affect ...)
+ TODO: check
+CVE-2022-42898
+ RESERVED
+CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthe ...)
+ TODO: check
+CVE-2022-3478
+ RESERVED
+CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbi ...)
- powerline-gitstatus <unfixed>
NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45
NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/pull/46
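Review bot: CVE-2022-42902 (Linaro LAVA before 2022.10) is left as `TODO: check`, but LAVA is packaged in Debian as src:lava, so this entry needs a package line with a fixed version rather than a disposition by description alone. For CVE-2022-42906 the new description states the fix is in 1.3.2, yet the package line still reads `- powerline-gitstatus <unfixed>` and neither NOTE records which release carries the fix; suggest tagging the pull-request NOTE with the release in the file's own style (compare `(v5.5.3)` on the knot-resolver commit NOTE later in this patch) and checking whether 1.3.2 has reached unstable so `<unfixed>` can become a version.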
@@ -24,14 +46,14 @@ CVE-2022-3475
RESERVED
CVE-2022-3474
RESERVED
-CVE-2022-3473
- RESERVED
-CVE-2022-3472
- RESERVED
-CVE-2022-3471
- RESERVED
-CVE-2022-3470
- RESERVED
+CVE-2022-3473 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2022-3472 (A vulnerability was found in SourceCodester Human Resource Management ...)
+ TODO: check
+CVE-2022-3471 (A vulnerability was found in SourceCodester Human Resource Management ...)
+ TODO: check
+CVE-2022-3470 (A vulnerability was found in SourceCodester Human Resource Management ...)
+ TODO: check
CVE-2022-3469
RESERVED
CVE-2022-3468
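Review bot: CVE-2022-3473 through CVE-2022-3470 all describe the same product (SourceCodester Human Resource Management System) and differ only in the introductory phrasing of the truncated descriptions, so nothing here distinguishes them for Debian purposes; triage the four together with one disposition instead of leaving four independent `TODO: check` lines.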
@@ -3606,14 +3628,14 @@ CVE-2022-41353
RESERVED
CVE-2022-41352 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. ...)
NOT-FOR-US: Zimbra
-CVE-2022-41351
- RESERVED
-CVE-2022-41350
- RESERVED
-CVE-2022-41349
- RESERVED
-CVE-2022-41348
- RESERVED
+CVE-2022-41351 (In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, on ...)
+ TODO: check
+CVE-2022-41350 (In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail ...)
+ TODO: check
+CVE-2022-41349 (In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose acce ...)
+ TODO: check
+CVE-2022-41348 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occ ...)
+ TODO: check
CVE-2022-41347 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e ...)
NOT-FOR-US: Zimbra
CVE-2022-41346
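Review bot: CVE-2022-41351 through CVE-2022-41348 are left as `TODO: check` although the adjacent entries in this same hunk for the same product, CVE-2022-41352 and CVE-2022-41347, already carry `NOT-FOR-US: Zimbra`; unless the archive has gained a Zimbra package, mark these four the same way so the inconsistency does not linger.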
@@ -3733,8 +3755,8 @@ CVE-2022-41320 (Veritas System Recovery (VSR) versions 18 and 21 store a network
NOT-FOR-US: Veritas System Recovery (VSR)
CVE-2022-41319 (A Reflected Cross-Site Scripting (XSS) vulnerability affects the Verit ...)
NOT-FOR-US: Veritas
-CVE-2022-41316
- RESERVED
+CVE-2022-41316 (HashiCorp Vault and Vault Enterprise’s TLS certificate auth meth ...)
+ TODO: check
CVE-2022-3281
RESERVED
CVE-2022-3280
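Review bot: CVE-2022-41316 is a HashiCorp Vault issue marked `TODO: check`, while CVE-2022-40186, also touched in this patch, already carries `NOT-FOR-US: HashiCorp Vault and Vault Enterprise`; apply the same disposition here.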
@@ -6150,8 +6172,7 @@ CVE-2022-3172
- kubernetes 1.20.5+really1.20.2-1
NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
-CVE-2022-3171 [potential denial of service issue in the Java Protobuf runtime]
- RESERVED
+CVE-2022-3171 (A parsing issue with binary data in protobuf-java core and lite versio ...)
[experimental] - protobuf 3.21.7-1
- protobuf <unfixed>
NOTE: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
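Review bot: the entry keeps `- protobuf <unfixed>` with a fix only in experimental (3.21.7-1) and no bullseye line, so the stable assessment is still open; once severity is settled add a release line in the file's usual form (compare `[bullseye] - knot-resolver <no-dsa> (Minor issue)` elsewhere in this patch). Replacing the bracketed local summary with the public text also drops the explicit "Java Protobuf runtime" scoping; the new description still says `protobuf-java core and lite`, which matters because src:protobuf builds more than the Java bindings and only those are affected.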
@@ -6430,8 +6451,8 @@ CVE-2022-40188 (Knot Resolver before 5.5.3 allows remote attackers to cause a de
[bullseye] - knot-resolver <no-dsa> (Minor issue)
NOTE: https://github.com/CZ-NIC/knot-resolver/commit/f6577a20e493c7fbdac124d7544bf1846b084185 (v5.5.3)
NOTE: https://www.knot-resolver.cz/2022-09-21-knot-resolver-5.5.3.html
-CVE-2022-40187
- RESERVED
+CVE-2022-40187 (Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communicati ...)
+ TODO: check
CVE-2022-40186 (An issue was discovered in HashiCorp Vault and Vault Enterprise before ...)
NOT-FOR-US: HashiCorp Vault and Vault Enterprise
CVE-2022-40185
@@ -8405,12 +8426,12 @@ CVE-2022-39301
RESERVED
CVE-2022-39300
RESERVED
-CVE-2022-39299
- RESERVED
-CVE-2022-39298
- RESERVED
-CVE-2022-39297
- RESERVED
+CVE-2022-39299 (Passport-SAML is a SAML 2.0 authentication provider for Passport, the ...)
+ TODO: check
+CVE-2022-39298 (MelisFront is the engine that displays website hosted on Melis Platfor ...)
+ TODO: check
+CVE-2022-39297 (MelisCms provides a full CMS for Melis Platform, including templating ...)
+ TODO: check
CVE-2022-39296 (MelisAssetManager provides deliveries of Melis Platform's assets locat ...)
NOT-FOR-US: MelisAssetManager
CVE-2022-39295
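Review bot: CVE-2022-39298 (MelisFront) and CVE-2022-39297 (MelisCms) are components of the same Melis Platform whose sibling CVE-2022-39296 (MelisAssetManager) is already `NOT-FOR-US` in the context lines; give them the same disposition. CVE-2022-39299 (Passport-SAML) is the one entry here that needs an archive check, since it is a Node.js library rather than a hosted platform; record the result as either NOT-FOR-US or a package line.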
@@ -8453,10 +8474,10 @@ CVE-2022-39285 (ZoneMinder is a free, open source Closed-circuit television soft
NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-39284 (CodeIgniter is a PHP full-stack web framework. In versions prior to 4. ...)
- codeigniter <itp> (bug #471583)
-CVE-2022-39283
- RESERVED
-CVE-2022-39282
- RESERVED
+CVE-2022-39283 (FreeRDP is a free remote desktop protocol library and clients. All Fre ...)
+ TODO: check
+CVE-2022-39282 (FreeRDP is a free remote desktop protocol library and clients. FreeRDP ...)
+ TODO: check
CVE-2022-39281 (fat_free_crm is a an open source, Ruby on Rails customer relationship ...)
NOT-FOR-US: fat_free_crm
CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in versions bef ...)
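Review bot: CVE-2022-39283 and CVE-2022-39282 concern FreeRDP, which is in the archive as src:freerdp2, so `TODO: check` here must become package lines with fixed versions and, where needed, bullseye and buster annotations, not a NOT-FOR-US. The truncated description for CVE-2022-39283 begins "All Fre ...", which suggests every FreeRDP version is affected, so the stable releases need assessing as well.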
@@ -11382,8 +11403,8 @@ CVE-2022-38363
RESERVED
CVE-2022-2829 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
NOT-FOR-US: yetiforcecrm
-CVE-2022-2828
- RESERVED
+CVE-2022-2828 (In affected versions of Octopus Server it is possible to reveal inform ...)
+ TODO: check
CVE-2022-2827
RESERVED
CVE-2022-2826
@@ -13239,8 +13260,8 @@ CVE-2022-37603
RESERVED
CVE-2022-37602
RESERVED
-CVE-2022-37601
- RESERVED
+CVE-2022-37601 (Prototype pollution vulnerability in function parseQuery in parseQuery ...)
+ TODO: check
CVE-2022-37600
RESERVED
CVE-2022-37599 (A Regular expression denial of service (ReDoS) flaw was found in Funct ...)
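Review bot: the truncated description for CVE-2022-37601 names only a function ("parseQuery in parseQuery ...") and not the affected package, so it cannot be triaged from this line; consult the full CVE text to identify the library and check whether it, or a Debian node-* package embedding it, is in the archive before settling on a disposition.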
@@ -21895,10 +21916,10 @@ CVE-2022-34393
RESERVED
CVE-2022-34392
RESERVED
-CVE-2022-34391
- RESERVED
-CVE-2022-34390
- RESERVED
+CVE-2022-34391 (Dell Client BIOS Versions prior to the remediated version contain an i ...)
+ TODO: check
+CVE-2022-34390 (Dell BIOS contains a use of uninitialized variable vulnerability. A lo ...)
+ TODO: check
CVE-2022-34389
RESERVED
CVE-2022-34388
@@ -22855,8 +22876,8 @@ CVE-2022-34022
RESERVED
CVE-2022-34021
RESERVED
-CVE-2022-34020
- RESERVED
+CVE-2022-34020 (Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT P ...)
+ TODO: check
CVE-2022-34019
RESERVED
CVE-2022-34018
@@ -23257,8 +23278,8 @@ CVE-2014-125003 (A vulnerability was found in FFmpeg 2.0 and classified as probl
CVE-2014-125002 (A vulnerability was found in FFmpeg 2.0. It has been classified as pro ...)
- ffmpeg <not-affected> (Fixed before re-introduction to Debian as src:ffmpeg)
NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1caaa1c61310beba705957e6366f0392a0b005b (n2.2-rc1)
-CVE-2022-33937
- RESERVED
+CVE-2022-33937 (Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerabil ...)
+ TODO: check
CVE-2022-33936 (Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerab ...)
NOT-FOR-US: EMC
CVE-2022-33935 (Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a ...)
@@ -23287,16 +23308,16 @@ CVE-2022-33924 (Dell Wyse Management Suite 3.6.1 and below contains an Improper
NOT-FOR-US: Dell Wyse Management Suite
CVE-2022-33923 (Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Inj ...)
NOT-FOR-US: Dell
-CVE-2022-33922
- RESERVED
-CVE-2022-33921
- RESERVED
-CVE-2022-33920
- RESERVED
-CVE-2022-33919
- RESERVED
-CVE-2022-33918
- RESERVED
+CVE-2022-33922 (Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folde ...)
+ TODO: check
+CVE-2022-33921 (Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking ...)
+ TODO: check
+CVE-2022-33920 (Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path v ...)
+ TODO: check
+CVE-2022-33919 (Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure ...)
+ TODO: check
+CVE-2022-33918 (Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure ...)
+ TODO: check
CVE-2022-33917 (An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29 ...)
NOT-FOR-US: ARM Mali
CVE-2022-2117 (The GiveWP plugin for WordPress is vulnerable to Sensitive Information ...)
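Review bot: five consecutive `TODO: check` lines for one product (Dell GeoDrive) sit in a hunk whose context entries CVE-2022-33924 and CVE-2022-33923 are already `NOT-FOR-US: Dell`, and CVE-2022-33937 earlier in this patch belongs to the same GeoDrive batch; triage all six together with one disposition rather than re-examining them individually.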
@@ -26660,28 +26681,28 @@ CVE-2022-32495
RESERVED
CVE-2022-32494
RESERVED
-CVE-2022-32493
- RESERVED
+CVE-2022-32493 (Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A loc ...)
+ TODO: check
CVE-2022-32492 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
-CVE-2022-32491
- RESERVED
+CVE-2022-32491 (Dell Client BIOS contains a Buffer Overflow vulnerability. A local aut ...)
+ TODO: check
CVE-2022-32490
RESERVED
-CVE-2022-32489
- RESERVED
-CVE-2022-32488
- RESERVED
-CVE-2022-32487
- RESERVED
+CVE-2022-32489 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2022-32488 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2022-32487 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2022-32486 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
-CVE-2022-32485
- RESERVED
-CVE-2022-32484
- RESERVED
-CVE-2022-32483
- RESERVED
+CVE-2022-32485 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2022-32484 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2022-32483 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2022-32482
RESERVED
CVE-2022-32481 (Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a p ...)
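Review bot: eight Dell BIOS entries go to `TODO: check` while CVE-2022-32492 and CVE-2022-32486, interleaved in this very hunk with the identical truncated description ("Dell BIOS contains an improper input validation vulnerability. A local ..."), are `NOT-FOR-US: Dell`; the automatic update cannot reuse that disposition, but the reviewer should, and the same applies to CVE-2022-34391/CVE-2022-34390 and CVE-2022-31228 elsewhere in the patch.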
@@ -30421,8 +30442,8 @@ CVE-2022-31230 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or r
NOT-FOR-US: Dell
CVE-2022-31229 (Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message ...)
NOT-FOR-US: Dell
-CVE-2022-31228
- RESERVED
+CVE-2022-31228 (Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vu ...)
+ TODO: check
CVE-2022-31227
RESERVED
CVE-2022-31226 (Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability ...)
@@ -89032,8 +89053,8 @@ CVE-2021-36370 (An issue was discovered in Midnight Commander through 4.8.26. Wh
[buster] - mc <no-dsa> (Minor issue)
[stretch] - mc <no-dsa> (Minor issue)
NOTE: https://github.com/MidnightCommander/mc/commit/9235d3c232d13ad7f973346077c9cf2eaa77dc5f
-CVE-2021-36369
- RESERVED
+CVE-2021-36369 (An issue was discovered in Dropbear through 2020.81. Due to a non-RFC- ...)
+ TODO: check
CVE-2021-36368 (** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a cli ...)
- openssh 1:8.9p1-1 (unimportant)
NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=3316
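Review bot: CVE-2021-36369 is a Dropbear issue and dropbear is in the archive, so this entry needs a package line rather than a NOT-FOR-US; "through 2020.81" means 2020.81 itself is affected, so the fixing upstream release has to be identified before a version can be recorded. The adjacent CVE-2021-36368, which appears to describe the analogous client-side behaviour in OpenSSH, was rated `(unimportant)` with a reference to the mindrot bug; if the same reasoning holds for dropbear, say so in a NOTE so the rating is reproducible.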
@@ -272766,10 +272787,10 @@ CVE-2018-18449 (EmpireCMS 7.5 allows CSRF for adding a user account via an enews
NOT-FOR-US: EmpireCMS
CVE-2018-18448
RESERVED
-CVE-2018-18447
- RESERVED
-CVE-2018-18446
- RESERVED
+CVE-2018-18447 (dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data ...)
+ TODO: check
+CVE-2018-18446 (dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data ...)
+ TODO: check
CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bound ...)
{DSA-4755-1 DLA-2358-1}
- openexr 2.5.3-2 (unimportant)
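Review bot: CVE-2018-18447 and CVE-2018-18446 have byte-identical truncated descriptions (Paint.NET before 4.1.2, deserialization of untrusted data), so the full texts need comparing to confirm they are distinct issues; as Paint.NET is a Windows application not in the archive, both will most likely end as NOT-FOR-US, and since they sat RESERVED for four years these `TODO: check` lines are good candidates to clear immediately rather than leave in the backlog.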
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/123fdc15401f38055b4cde85f4e4a4744be8ea2c