[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 13 21:10:31 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2f09da58 by security tracker role at 2022-10-13T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2022-42918
+ RESERVED
+CVE-2022-42917
+ RESERVED
+CVE-2022-42916
+ RESERVED
+CVE-2022-42915
+ RESERVED
+CVE-2022-42914
+ RESERVED
+CVE-2022-42913
+ RESERVED
+CVE-2022-42912
+ RESERVED
+CVE-2022-42911
+ RESERVED
+CVE-2022-42910
+ RESERVED
+CVE-2022-42909
+ RESERVED
+CVE-2022-42908
+ RESERVED
+CVE-2022-3499
+ RESERVED
+CVE-2022-3498
+ RESERVED
+CVE-2022-3497
+ RESERVED
+CVE-2022-3496
+ RESERVED
+CVE-2022-3495
+ RESERVED
+CVE-2022-3494
+ RESERVED
+CVE-2022-3493 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2022-3492 (A vulnerability classified as critical was found in SourceCodester Hum ...)
+ TODO: check
+CVE-2022-3491
+ RESERVED
+CVE-2022-3490
+ RESERVED
+CVE-2022-3489
+ RESERVED
+CVE-2022-3488
+ RESERVED
+CVE-2022-3487
+ RESERVED
+CVE-2022-3486
+ RESERVED
+CVE-2022-3485
+ RESERVED
+CVE-2022-3484
+ RESERVED
+CVE-2022-3483
+ RESERVED
+CVE-2022-3482
+ RESERVED
+CVE-2022-3481
+ RESERVED
+CVE-2022-3480
+ RESERVED
+CVE-2022-3479
+ RESERVED
CVE-2022-42907
RESERVED
CVE-2022-42905
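Review bot: CVE-2022-3493 and CVE-2022-3492 land with TODO: check in the middle of the newly reserved block and need manual triage. The CVE-2022-3492 description names SourceCodester, which reads like a third-party web application rather than anything in the archive, so it is a likely NOT-FOR-US candidate once the full text is read. The truncated CVE-2022-3493 description names no product at all, so the full CVE record is needed before it can be classified.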
@@ -72,8 +136,8 @@ CVE-2022-3463
RESERVED
CVE-2022-3462
RESERVED
-CVE-2022-42889
- RESERVED
+CVE-2022-42889 (Apache Commons Text performs variable interpolation, allowing properti ...)
+ TODO: check
CVE-2022-42878
RESERVED
CVE-2022-42877
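Review bot: CVE-2022-42889 goes from RESERVED to TODO: check, and unlike most entries in this update its description names a general-purpose library (Apache Commons Text) rather than a vendor product. Triage this one ahead of the rest: resolve it either to a source-package line with the fixed version or to NOT-FOR-US, since a variable interpolation issue in a shared library can also matter for packages that depend on it.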
@@ -404,26 +468,32 @@ CVE-2022-3451
RESERVED
CVE-2022-3450
RESERVED
+ {DSA-5253-1}
- chromium 106.0.5249.119-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3449
RESERVED
+ {DSA-5253-1}
- chromium 106.0.5249.119-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3448
RESERVED
+ {DSA-5253-1}
- chromium 106.0.5249.119-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3447
RESERVED
+ {DSA-5253-1}
- chromium 106.0.5249.119-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3446
RESERVED
+ {DSA-5253-1}
- chromium 106.0.5249.119-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3445
RESERVED
+ {DSA-5253-1}
- chromium 106.0.5249.119-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-42735
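Review bot: the {DSA-5253-1} cross-reference is added to six chromium entries, CVE-2022-3450 through CVE-2022-3445, all of which are still RESERVED with no description. Check the list against the advisory text so that no CVE covered by the DSA is missing the tag; the hunk header's growth from 26 to 32 lines matches exactly these six additions. The fixed version 106.0.5249.119-1 and the buster end-of-life lines are unchanged context and look consistent across all six.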
@@ -1698,18 +1768,18 @@ CVE-2022-42163
RESERVED
CVE-2022-42162
RESERVED
-CVE-2022-42161
- RESERVED
-CVE-2022-42160
- RESERVED
-CVE-2022-42159
- RESERVED
+CVE-2022-42161 (D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command i ...)
+ TODO: check
+CVE-2022-42160 (D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command i ...)
+ TODO: check
+CVE-2022-42159 (D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable ...)
+ TODO: check
CVE-2022-42158
RESERVED
CVE-2022-42157
RESERVED
-CVE-2022-42156
- RESERVED
+CVE-2022-42156 (D-Link COVR 1200,1203 v1.08 was discovered to contain a command inject ...)
+ TODO: check
CVE-2022-42155
RESERVED
CVE-2022-42154
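Review bot: CVE-2022-42161, CVE-2022-42160, CVE-2022-42159 and CVE-2022-42156 all describe D-Link COVR v1.08 firmware and are left at TODO: check. Elsewhere in this file vendor products are closed with a tag such as "NOT-FOR-US: SonicWall", so these four can be resolved together with a single vendor tag instead of being checked one at a time.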
@@ -3351,26 +3421,26 @@ CVE-2022-41491
RESERVED
CVE-2022-41490
RESERVED
-CVE-2022-41489
- RESERVED
+CVE-2022-41489 (WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request F ...)
+ TODO: check
CVE-2022-41488
RESERVED
CVE-2022-41487
RESERVED
CVE-2022-41486
RESERVED
-CVE-2022-41485
- RESERVED
-CVE-2022-41484
- RESERVED
-CVE-2022-41483
- RESERVED
-CVE-2022-41482
- RESERVED
-CVE-2022-41481
- RESERVED
-CVE-2022-41480
- RESERVED
+CVE-2022-41485 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
+ TODO: check
+CVE-2022-41484 (Tenda AC1900 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
+ TODO: check
+CVE-2022-41483 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
+ TODO: check
+CVE-2022-41482 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
+ TODO: check
+CVE-2022-41481 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
+ TODO: check
+CVE-2022-41480 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
+ TODO: check
CVE-2022-41479
RESERVED
CVE-2022-41478
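Review bot: CVE-2022-41484 names "Tenda AC1900" while the five sibling entries (CVE-2022-41485 and CVE-2022-41483 through CVE-2022-41480) name "Tenda AC1200" with the same firmware string US_AC6V2.0RTL_V15.03.06.51_multi_TDE01. The text is imported from the upstream description and should stay as is, but it is worth keeping in mind when tagging. All seven TODO: check entries in this hunk (one WAYOS, six Tenda) describe router firmware and can be closed with one NOT-FOR-US tag per vendor.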
@@ -3379,12 +3449,12 @@ CVE-2022-41477
RESERVED
CVE-2022-41476
RESERVED
-CVE-2022-41475
- RESERVED
-CVE-2022-41474
- RESERVED
-CVE-2022-41473
- RESERVED
+CVE-2022-41475 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2022-41474 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2022-41473 (RPCMS v3.0.2 was discovered to contain a reflected cross-site scriptin ...)
+ TODO: check
CVE-2022-41472
RESERVED
CVE-2022-41471
@@ -8441,8 +8511,8 @@ CVE-2022-39295
RESERVED
CVE-2022-39294
RESERVED
-CVE-2022-39293
- RESERVED
+CVE-2022-39293 (Azure RTOS USBX is a high-performance USB host, device, and on-the-go ...)
+ TODO: check
CVE-2022-39292 (Slack Morphism is a modern client library for Slack Web/Events API/Soc ...)
NOT-FOR-US: Slack Morphism
CVE-2022-39291 (ZoneMinder is a free, open source Closed-circuit television software a ...)
@@ -9517,8 +9587,8 @@ CVE-2022-38904
RESERVED
CVE-2022-38903
RESERVED
-CVE-2022-38902
- RESERVED
+CVE-2022-38902 (A Cross-site scripting (XSS) vulnerability in the Blog module - add ne ...)
+ TODO: check
CVE-2022-38901
RESERVED
CVE-2022-38900
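Review bot: the truncated description for CVE-2022-38902 ("A Cross-site scripting (XSS) vulnerability in the Blog module - add ne ...") is cut off before any product name, so the TODO: check cannot be resolved from this line alone. The full CVE record is needed to decide between a package entry and NOT-FOR-US.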
@@ -14404,8 +14474,8 @@ CVE-2022-37210
RESERVED
CVE-2022-37209 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...)
NOT-FOR-US: JFinal CMS
-CVE-2022-37208
- RESERVED
+CVE-2022-37208 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do n ...)
+ TODO: check
CVE-2022-37207 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...)
NOT-FOR-US: JFinal CMS
CVE-2022-37206
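Review bot: CVE-2022-37208 is set to TODO: check although the entries directly above and below it, CVE-2022-37209 and CVE-2022-37207, describe the same product and are already tagged "NOT-FOR-US: JFinal CMS". Unless the full description differs in scope, this entry should get the same tag so the three stay consistent.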
@@ -19878,10 +19948,10 @@ CVE-2022-35083
RESERVED
CVE-2022-35082
RESERVED
-CVE-2022-35081
- RESERVED
-CVE-2022-35080
- RESERVED
+CVE-2022-35081 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+ TODO: check
+CVE-2022-35080 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+ TODO: check
CVE-2022-35079
RESERVED
CVE-2022-35078
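Review bot: CVE-2022-35081 and CVE-2022-35080 identify the affected code only as "SWFTools commit 772e55a2", not as a release, so the TODO: check cannot be settled by comparing version numbers. Triage has to establish whether the tool is in the archive and, if so, whether the packaged source contains the affected code, and record that on the entry.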
@@ -49792,8 +49862,7 @@ CVE-2022-24699
RESERVED
CVE-2022-24698
RESERVED
-CVE-2022-24697
- RESERVED
+CVE-2022-24697 (Kylin's cube designer function has a command injection vulnerability w ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2022-0551 (Improper Input Validation vulnerability in project file upload in Nozo ...)
NOT-FOR-US: Nozomi Networks
@@ -88068,7 +88137,7 @@ CVE-2021-36780 (A Improper Access Control vulnerability in longhorn of SUSE Long
NOT-FOR-US: Longhorn
CVE-2021-36779 (A Improper Access Control vulnerability inf SUSE Longhorn allows any w ...)
NOT-FOR-US: Longhorn
-CVE-2021-36778 (A Exposure of Sensitive Information to an Unauthorized Actor vulnerabi ...)
+CVE-2021-36778 (A Incorrect Authorization vulnerability in SUSE Rancher allows adminis ...)
NOT-FOR-US: Rancher
CVE-2021-36777 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
NOT-FOR-US: OpenSuSE infrastructure
@@ -100010,7 +100079,7 @@ CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision vulnerabil
NOT-FOR-US: Rancher
CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging of inn ...)
- inn2 <not-affected> (SuSE-specific packaging issue)
-CVE-2021-31997 (a UNIX Symbolic Link (Symlink) Following vulnerability in python-posto ...)
+CVE-2021-31997 (A UNIX Symbolic Link (Symlink) Following vulnerability in python-posto ...)
- postorius <not-affected> (SuSE-specific packaging issue)
CVE-2021-31996 (An issue was discovered in the algorithmica crate through 2021-03-07 f ...)
NOT-FOR-US: Rust crate algorithmica
@@ -131993,8 +132062,8 @@ CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire
NOT-FOR-US: SonicWall
CVE-2021-20031 (A Host Header Redirection vulnerability in SonicOS potentially allows ...)
NOT-FOR-US: SonicWall
-CVE-2021-20030
- RESERVED
+CVE-2021-20030 (SonicWall GMS is vulnerable to file path manipulation resulting that a ...)
+ TODO: check
CVE-2021-20029
RESERVED
CVE-2021-20028 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Comma ...)
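Review bot: CVE-2021-20030 is left at TODO: check while the neighbouring SonicWall entries in the same hunk, CVE-2021-20032 and CVE-2021-20031, already carry "NOT-FOR-US: SonicWall". The new description names SonicWall GMS, so the same tag applies here unless the full text says otherwise.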
@@ -145199,61 +145268,61 @@ CVE-2020-26868 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable to
CVE-2020-26867 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to t ...)
NOT-FOR-US: PcVue
CVE-2020-26866
- RESERVED
+ REJECTED
CVE-2020-26865
- RESERVED
+ REJECTED
CVE-2020-26864
- RESERVED
+ REJECTED
CVE-2020-26863
- RESERVED
+ REJECTED
CVE-2020-26862
- RESERVED
+ REJECTED
CVE-2020-26861
- RESERVED
+ REJECTED
CVE-2020-26860
- RESERVED
+ REJECTED
CVE-2020-26859
- RESERVED
+ REJECTED
CVE-2020-26858
- RESERVED
+ REJECTED
CVE-2020-26857
- RESERVED
+ REJECTED
CVE-2020-26856
- RESERVED
+ REJECTED
CVE-2020-26855
- RESERVED
+ REJECTED
CVE-2020-26854
- RESERVED
+ REJECTED
CVE-2020-26853
- RESERVED
+ REJECTED
CVE-2020-26852
- RESERVED
+ REJECTED
CVE-2020-26851
- RESERVED
+ REJECTED
CVE-2020-26850
- RESERVED
+ REJECTED
CVE-2020-26849
- RESERVED
+ REJECTED
CVE-2020-26848
- RESERVED
+ REJECTED
CVE-2020-26847
- RESERVED
+ REJECTED
CVE-2020-26846
- RESERVED
+ REJECTED
CVE-2020-26845
- RESERVED
+ REJECTED
CVE-2020-26844
- RESERVED
+ REJECTED
CVE-2020-26843
- RESERVED
+ REJECTED
CVE-2020-26842
- RESERVED
+ REJECTED
CVE-2020-26841
- RESERVED
+ REJECTED
CVE-2020-26840
- RESERVED
+ REJECTED
CVE-2020-26839
- RESERVED
+ REJECTED
CVE-2020-26838 (SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, ...)
NOT-FOR-US: SAP
CVE-2020-26837 (SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, ...)
@@ -210941,7 +211010,7 @@ CVE-2019-18908
RESERVED
CVE-2019-18907
RESERVED
-CVE-2019-18906 (A Use of Password Hash Instead of Password for Authentication vulnerab ...)
+CVE-2019-18906 (A Improper Authentication vulnerability in cryptctl of SUSE Linux Ente ...)
NOT-FOR-US: SAP
CVE-2019-18905 (A Insufficient Verification of Data Authenticity vulnerability in auto ...)
NOT-FOR-US: autoyast2
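Review bot: the updated description for CVE-2019-18906 names "cryptctl of SUSE Linux Ente ...", but the unchanged line beneath it still reads "NOT-FOR-US: SAP". The tag does not match the product in the description; it should name cryptctl (or SUSE) instead of SAP. The automatic update only rewrites the description line, so this needs a manual follow-up commit.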
@@ -274274,7 +274343,7 @@ CVE-2018-17956 (In yast2-samba-provision up to and including version 1.0.1 the p
NOT-FOR-US: yast2-samba-provision
CVE-2018-17955 (In yast2-multipath before version 4.1.1 a static temporary filename al ...)
NOT-FOR-US: yast2-multipath
-CVE-2018-17954 (A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack ...)
+CVE-2018-17954 (An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, ...)
NOT-FOR-US: crowbar
CVE-2018-17953 (A incorrect variable in a SUSE specific patch for pam_access rule matc ...)
- pam <not-affected> (Issue introduced by SUSE specific patch)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f09da587a161cdc9a9014b5645a697cf1380053