[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 13 21:10:31 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f09da58 by security tracker role at 2022-10-13T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2022-42918
+	RESERVED
+CVE-2022-42917
+	RESERVED
+CVE-2022-42916
+	RESERVED
+CVE-2022-42915
+	RESERVED
+CVE-2022-42914
+	RESERVED
+CVE-2022-42913
+	RESERVED
+CVE-2022-42912
+	RESERVED
+CVE-2022-42911
+	RESERVED
+CVE-2022-42910
+	RESERVED
+CVE-2022-42909
+	RESERVED
+CVE-2022-42908
+	RESERVED
+CVE-2022-3499
+	RESERVED
+CVE-2022-3498
+	RESERVED
+CVE-2022-3497
+	RESERVED
+CVE-2022-3496
+	RESERVED
+CVE-2022-3495
+	RESERVED
+CVE-2022-3494
+	RESERVED
+CVE-2022-3493 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2022-3492 (A vulnerability classified as critical was found in SourceCodester Hum ...)
+	TODO: check
+CVE-2022-3491
+	RESERVED
+CVE-2022-3490
+	RESERVED
+CVE-2022-3489
+	RESERVED
+CVE-2022-3488
+	RESERVED
+CVE-2022-3487
+	RESERVED
+CVE-2022-3486
+	RESERVED
+CVE-2022-3485
+	RESERVED
+CVE-2022-3484
+	RESERVED
+CVE-2022-3483
+	RESERVED
+CVE-2022-3482
+	RESERVED
+CVE-2022-3481
+	RESERVED
+CVE-2022-3480
+	RESERVED
+CVE-2022-3479
+	RESERVED
 CVE-2022-42907
 	RESERVED
 CVE-2022-42905
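Review bot: CVE-2022-3493 and CVE-2022-3492 are the only entries in this block that arrive with a description, and both are left at `TODO: check`. The CVE-2022-3492 text already names SourceCodester, so it can be closed with a NOT-FOR-US note if no Debian source package ships that product; CVE-2022-3493 is truncated before the product name, so the full description has to be read before it can be classified.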
@@ -72,8 +136,8 @@ CVE-2022-3463
 	RESERVED
 CVE-2022-3462
 	RESERVED
-CVE-2022-42889
-	RESERVED
+CVE-2022-42889 (Apache Commons Text performs variable interpolation, allowing properti ...)
+	TODO: check
 CVE-2022-42878
 	RESERVED
 CVE-2022-42877
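Review bot: CVE-2022-42889 moves from RESERVED to `TODO: check`, and unlike most descriptions published in this update it names a general-purpose library, Apache Commons Text, not a device or a web application. Triage this one first: determine whether a Debian source package ships the library and replace the TODO with a package line in the same form as the chromium entries in this file.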
@@ -404,26 +468,32 @@ CVE-2022-3451
 	RESERVED
 CVE-2022-3450
 	RESERVED
+	{DSA-5253-1}
 	- chromium 106.0.5249.119-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3449
 	RESERVED
+	{DSA-5253-1}
 	- chromium 106.0.5249.119-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3448
 	RESERVED
+	{DSA-5253-1}
 	- chromium 106.0.5249.119-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3447
 	RESERVED
+	{DSA-5253-1}
 	- chromium 106.0.5249.119-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3446
 	RESERVED
+	{DSA-5253-1}
 	- chromium 106.0.5249.119-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3445
 	RESERVED
+	{DSA-5253-1}
 	- chromium 106.0.5249.119-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-42735
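Review bot: the six chromium entries CVE-2022-3445 to CVE-2022-3450 gain `{DSA-5253-1}`, but this commit changes only data/CVE/list, so the cross-reference cannot be checked against the advisory from this diff. Confirm that the DSA-5253-1 record lists the same six IDs and the fixed version 106.0.5249.119-1 shown here.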
@@ -1698,18 +1768,18 @@ CVE-2022-42163
 	RESERVED
 CVE-2022-42162
 	RESERVED
-CVE-2022-42161
-	RESERVED
-CVE-2022-42160
-	RESERVED
-CVE-2022-42159
-	RESERVED
+CVE-2022-42161 (D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command i ...)
+	TODO: check
+CVE-2022-42160 (D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command i ...)
+	TODO: check
+CVE-2022-42159 (D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable  ...)
+	TODO: check
 CVE-2022-42158
 	RESERVED
 CVE-2022-42157
 	RESERVED
-CVE-2022-42156
-	RESERVED
+CVE-2022-42156 (D-Link COVR 1200,1203 v1.08 was discovered to contain a command inject ...)
+	TODO: check
 CVE-2022-42155
 	RESERVED
 CVE-2022-42154
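Review bot: all four D-Link COVR entries (CVE-2022-42156, CVE-2022-42159, CVE-2022-42160, CVE-2022-42161) land as `TODO: check`, and every description refers to device firmware v1.08. If nothing in Debian ships that firmware, close the four together with one consistent vendor note in the style of `NOT-FOR-US: SonicWall` used elsewhere in this file.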
@@ -3351,26 +3421,26 @@ CVE-2022-41491
 	RESERVED
 CVE-2022-41490
 	RESERVED
-CVE-2022-41489
-	RESERVED
+CVE-2022-41489 (WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request F ...)
+	TODO: check
 CVE-2022-41488
 	RESERVED
 CVE-2022-41487
 	RESERVED
 CVE-2022-41486
 	RESERVED
-CVE-2022-41485
-	RESERVED
-CVE-2022-41484
-	RESERVED
-CVE-2022-41483
-	RESERVED
-CVE-2022-41482
-	RESERVED
-CVE-2022-41481
-	RESERVED
-CVE-2022-41480
-	RESERVED
+CVE-2022-41485 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to  ...)
+	TODO: check
+CVE-2022-41484 (Tenda AC1900 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to  ...)
+	TODO: check
+CVE-2022-41483 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to  ...)
+	TODO: check
+CVE-2022-41482 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to  ...)
+	TODO: check
+CVE-2022-41481 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to  ...)
+	TODO: check
+CVE-2022-41480 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to  ...)
+	TODO: check
 CVE-2022-41479
 	RESERVED
 CVE-2022-41478
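Review bot: CVE-2022-41484 names "Tenda AC1900" while the five neighbouring entries name "Tenda AC1200", all with the same firmware string US_AC6V2.0RTL_V15.03.06.51_multi_TDE01. The text is the upstream description and should stay as imported, but whoever resolves the `TODO: check` should use one vendor note for all six Tenda entries and not key it on the model name.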
@@ -3379,12 +3449,12 @@ CVE-2022-41477
 	RESERVED
 CVE-2022-41476
 	RESERVED
-CVE-2022-41475
-	RESERVED
-CVE-2022-41474
-	RESERVED
-CVE-2022-41473
-	RESERVED
+CVE-2022-41475 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2022-41474 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2022-41473 (RPCMS v3.0.2 was discovered to contain a reflected cross-site scriptin ...)
+	TODO: check
 CVE-2022-41472
 	RESERVED
 CVE-2022-41471
@@ -8441,8 +8511,8 @@ CVE-2022-39295
 	RESERVED
 CVE-2022-39294
 	RESERVED
-CVE-2022-39293
-	RESERVED
+CVE-2022-39293 (Azure RTOS USBX is a high-performance USB host, device, and on-the-go  ...)
+	TODO: check
 CVE-2022-39292 (Slack Morphism is a modern client library for Slack Web/Events API/Soc ...)
 	NOT-FOR-US: Slack Morphism
 CVE-2022-39291 (ZoneMinder is a free, open source Closed-circuit television software a ...)
@@ -9517,8 +9587,8 @@ CVE-2022-38904
 	RESERVED
 CVE-2022-38903
 	RESERVED
-CVE-2022-38902
-	RESERVED
+CVE-2022-38902 (A Cross-site scripting (XSS) vulnerability in the Blog module - add ne ...)
+	TODO: check
 CVE-2022-38901
 	RESERVED
 CVE-2022-38900
@@ -14404,8 +14474,8 @@ CVE-2022-37210
 	RESERVED
 CVE-2022-37209 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...)
 	NOT-FOR-US: JFinal CMS
-CVE-2022-37208
-	RESERVED
+CVE-2022-37208 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do n ...)
+	TODO: check
 CVE-2022-37207 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...)
 	NOT-FOR-US: JFinal CMS
 CVE-2022-37206
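Review bot: CVE-2022-37208 is left at `TODO: check` although the entries directly above and below it, CVE-2022-37209 and CVE-2022-37207, describe the same product and are already marked `NOT-FOR-US: JFinal CMS`. Use the same note here.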
@@ -19878,10 +19948,10 @@ CVE-2022-35083
 	RESERVED
 CVE-2022-35082
 	RESERVED
-CVE-2022-35081
-	RESERVED
-CVE-2022-35080
-	RESERVED
+CVE-2022-35081 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+	TODO: check
+CVE-2022-35080 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+	TODO: check
 CVE-2022-35079
 	RESERVED
 CVE-2022-35078
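Review bot: CVE-2022-35081 and CVE-2022-35080 carry identical truncated descriptions (SWFTools commit 772e55a2, heap-buffer overflow), so the list gives no way to tell them apart. When resolving the `TODO: check`, record for each entry which function or file the full description names, so the two are not mistaken for duplicates.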
@@ -49792,8 +49862,7 @@ CVE-2022-24699
 	RESERVED
 CVE-2022-24698
 	RESERVED
-CVE-2022-24697
-	RESERVED
+CVE-2022-24697 (Kylin's cube designer function has a command injection vulnerability w ...)
 	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2022-0551 (Improper Input Validation vulnerability in project file upload in Nozo ...)
 	NOT-FOR-US: Nozomi Networks
@@ -88068,7 +88137,7 @@ CVE-2021-36780 (A Improper Access Control vulnerability in longhorn of SUSE Long
 	NOT-FOR-US: Longhorn
 CVE-2021-36779 (A Improper Access Control vulnerability inf SUSE Longhorn allows any w ...)
 	NOT-FOR-US: Longhorn
-CVE-2021-36778 (A Exposure of Sensitive Information to an Unauthorized Actor vulnerabi ...)
+CVE-2021-36778 (A Incorrect Authorization vulnerability in SUSE Rancher allows adminis ...)
 	NOT-FOR-US: Rancher
 CVE-2021-36777 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
 	NOT-FOR-US: OpenSuSE infrastructure
@@ -100010,7 +100079,7 @@ CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision vulnerabil
 	NOT-FOR-US: Rancher
 CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging of inn  ...)
 	- inn2 <not-affected> (SuSE-specific packaging issue)
-CVE-2021-31997 (a UNIX Symbolic Link (Symlink) Following vulnerability in python-posto ...)
+CVE-2021-31997 (A UNIX Symbolic Link (Symlink) Following vulnerability in python-posto ...)
 	- postorius <not-affected> (SuSE-specific packaging issue)
 CVE-2021-31996 (An issue was discovered in the algorithmica crate through 2021-03-07 f ...)
 	NOT-FOR-US: Rust crate algorithmica
@@ -131993,8 +132062,8 @@ CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire
 	NOT-FOR-US: SonicWall
 CVE-2021-20031 (A Host Header Redirection vulnerability in SonicOS potentially allows  ...)
 	NOT-FOR-US: SonicWall
-CVE-2021-20030
-	RESERVED
+CVE-2021-20030 (SonicWall GMS is vulnerable to file path manipulation resulting that a ...)
+	TODO: check
 CVE-2021-20029
 	RESERVED
 CVE-2021-20028 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Comma ...)
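Review bot: CVE-2021-20030 becomes `TODO: check` while CVE-2021-20032 and CVE-2021-20031 in the context lines above are both `NOT-FOR-US: SonicWall`. The new description names SonicWall GMS, so the same note applies.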
@@ -145199,61 +145268,61 @@ CVE-2020-26868 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable to
 CVE-2020-26867 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to t ...)
 	NOT-FOR-US: PcVue
 CVE-2020-26866
-	RESERVED
+	REJECTED
 CVE-2020-26865
-	RESERVED
+	REJECTED
 CVE-2020-26864
-	RESERVED
+	REJECTED
 CVE-2020-26863
-	RESERVED
+	REJECTED
 CVE-2020-26862
-	RESERVED
+	REJECTED
 CVE-2020-26861
-	RESERVED
+	REJECTED
 CVE-2020-26860
-	RESERVED
+	REJECTED
 CVE-2020-26859
-	RESERVED
+	REJECTED
 CVE-2020-26858
-	RESERVED
+	REJECTED
 CVE-2020-26857
-	RESERVED
+	REJECTED
 CVE-2020-26856
-	RESERVED
+	REJECTED
 CVE-2020-26855
-	RESERVED
+	REJECTED
 CVE-2020-26854
-	RESERVED
+	REJECTED
 CVE-2020-26853
-	RESERVED
+	REJECTED
 CVE-2020-26852
-	RESERVED
+	REJECTED
 CVE-2020-26851
-	RESERVED
+	REJECTED
 CVE-2020-26850
-	RESERVED
+	REJECTED
 CVE-2020-26849
-	RESERVED
+	REJECTED
 CVE-2020-26848
-	RESERVED
+	REJECTED
 CVE-2020-26847
-	RESERVED
+	REJECTED
 CVE-2020-26846
-	RESERVED
+	REJECTED
 CVE-2020-26845
-	RESERVED
+	REJECTED
 CVE-2020-26844
-	RESERVED
+	REJECTED
 CVE-2020-26843
-	RESERVED
+	REJECTED
 CVE-2020-26842
-	RESERVED
+	REJECTED
 CVE-2020-26841
-	RESERVED
+	REJECTED
 CVE-2020-26840
-	RESERVED
+	REJECTED
 CVE-2020-26839
-	RESERVED
+	REJECTED
 CVE-2020-26838 (SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751,  ...)
 	NOT-FOR-US: SAP
 CVE-2020-26837 (SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2,  ...)
@@ -210941,7 +211010,7 @@ CVE-2019-18908
 	RESERVED
 CVE-2019-18907
 	RESERVED
-CVE-2019-18906 (A Use of Password Hash Instead of Password for Authentication vulnerab ...)
+CVE-2019-18906 (A Improper Authentication vulnerability in cryptctl of SUSE Linux Ente ...)
 	NOT-FOR-US: SAP
 CVE-2019-18905 (A Insufficient Verification of Data Authenticity vulnerability in auto ...)
 	NOT-FOR-US: autoyast2
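Review bot: the new description for CVE-2019-18906 names cryptctl as the affected component, but the unchanged note under it still reads `NOT-FOR-US: SAP`. The note no longer matches what the description shows; check the full text and name the note after the component, as `NOT-FOR-US: autoyast2` does for the entry below.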
@@ -274274,7 +274343,7 @@ CVE-2018-17956 (In yast2-samba-provision up to and including version 1.0.1 the p
 	NOT-FOR-US: yast2-samba-provision
 CVE-2018-17955 (In yast2-multipath before version 4.1.1 a static temporary filename al ...)
 	NOT-FOR-US: yast2-multipath
-CVE-2018-17954 (A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack ...)
+CVE-2018-17954 (An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, ...)
 	NOT-FOR-US: crowbar
 CVE-2018-17953 (A incorrect variable in a SUSE specific patch for pam_access rule matc ...)
 	- pam <not-affected> (Issue introduced by SUSE specific patch)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f09da587a161cdc9a9014b5645a697cf1380053
