[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 14 09:10:22 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e597bf16 by security tracker role at 2022-10-14T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2022-42919
+ RESERVED
+CVE-2022-3503
+ RESERVED
+CVE-2022-3502
+ RESERVED
+CVE-2022-3501
+ RESERVED
+CVE-2022-3500
+ RESERVED
CVE-2022-42918
RESERVED
CVE-2022-42917
@@ -24,12 +34,12 @@ CVE-2022-3499
RESERVED
CVE-2022-3498
RESERVED
-CVE-2022-3497
- RESERVED
-CVE-2022-3496
- RESERVED
-CVE-2022-3495
- RESERVED
+CVE-2022-3497 (A vulnerability was found in SourceCodester Human Resource Management ...)
+ TODO: check
+CVE-2022-3496 (A vulnerability was found in SourceCodester Human Resource Management ...)
+ TODO: check
+CVE-2022-3495 (A vulnerability has been found in SourceCodester Simple Online Public ...)
+ TODO: check
CVE-2022-3494
RESERVED
CVE-2022-3493 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -354,10 +364,10 @@ CVE-2022-42785
RESERVED
CVE-2022-42784
RESERVED
-CVE-2022-3457
- RESERVED
-CVE-2022-3456
- RESERVED
+CVE-2022-3457 (Origin Validation Error in GitHub repository ikus060/rdiffweb prior to ...)
+ TODO: check
+CVE-2022-3456 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+ TODO: check
CVE-2022-3455
RESERVED
CVE-2022-3454
@@ -536,26 +546,22 @@ CVE-2022-42724 (app/Controller/UsersController.php in MISP before 2.4.164 allows
NOT-FOR-US: MISP
CVE-2022-42723
RESERVED
-CVE-2022-42722
- RESERVED
+CVE-2022-42722 (In the Linux kernel 5.8 through 5.19.14, local attackers able to injec ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
-CVE-2022-42721
- RESERVED
+CVE-2022-42721 (A list management bug in BSS handling in the mac80211 stack in the Lin ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
-CVE-2022-42720
- RESERVED
+CVE-2022-42720 (Various refcounting bugs in the multi-BSS handling in the mac80211 sta ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
-CVE-2022-42719
- RESERVED
+CVE-2022-42719 (A use-after-free in the mac80211 stack when parsing a multi-BSSID elem ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
@@ -2887,8 +2893,7 @@ CVE-2022-41676
RESERVED
CVE-2022-41675
RESERVED
-CVE-2022-41674
- RESERVED
+CVE-2022-41674 (An issue was discovered in the Linux kernel through 5.19.11. Attackers ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
@@ -3341,20 +3346,20 @@ CVE-2022-41541
RESERVED
CVE-2022-41540
RESERVED
-CVE-2022-41539
- RESERVED
-CVE-2022-41538
- RESERVED
+CVE-2022-41539 (Wedding Planner v1.0 was discovered to contain an arbitrary file uploa ...)
+ TODO: check
+CVE-2022-41538 (Wedding Planner v1.0 was discovered to contain an arbitrary file uploa ...)
+ TODO: check
CVE-2022-41537
RESERVED
-CVE-2022-41536
- RESERVED
-CVE-2022-41535
- RESERVED
-CVE-2022-41534
- RESERVED
-CVE-2022-41533
- RESERVED
+CVE-2022-41536 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
+ TODO: check
+CVE-2022-41535 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
+ TODO: check
+CVE-2022-41534 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
+ TODO: check
+CVE-2022-41533 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
+ TODO: check
CVE-2022-41532 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41531
@@ -3425,12 +3430,12 @@ CVE-2022-41499
RESERVED
CVE-2022-41498
RESERVED
-CVE-2022-41497
- RESERVED
-CVE-2022-41496
- RESERVED
-CVE-2022-41495
- RESERVED
+CVE-2022-41497 (ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forge ...)
+ TODO: check
+CVE-2022-41496 (iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery ( ...)
+ TODO: check
+CVE-2022-41495 (ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forge ...)
+ TODO: check
CVE-2022-41494
RESERVED
CVE-2022-41493
@@ -3451,7 +3456,7 @@ CVE-2022-41486
RESERVED
CVE-2022-41485 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
NOT-FOR-US: Tenda
-CVE-2022-41484 (Tenda AC1900 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
+CVE-2022-41484 (Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buf ...)
NOT-FOR-US: Tenda
CVE-2022-41483 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
NOT-FOR-US: Tenda
@@ -3640,10 +3645,10 @@ CVE-2022-41393
RESERVED
CVE-2022-41392 (A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 ...)
NOT-FOR-US: TotalJS CMS
-CVE-2022-41391
- RESERVED
-CVE-2022-41390
- RESERVED
+CVE-2022-41391 (OcoMon v4.0 was discovered to contain a SQL injection vulnerability vi ...)
+ TODO: check
+CVE-2022-41390 (OcoMon v4.0 was discovered to contain a SQL injection vulnerability vi ...)
+ TODO: check
CVE-2022-41389
RESERVED
CVE-2022-41388
@@ -8511,14 +8516,14 @@ CVE-2022-39305
RESERVED
CVE-2022-39304
RESERVED
-CVE-2022-39303
- RESERVED
-CVE-2022-39302
- RESERVED
+CVE-2022-39303 (Ree6 is a moderation bot. This vulnerability allows manipulation of SQ ...)
+ TODO: check
+CVE-2022-39302 (Ree6 is a moderation bot. This vulnerability would allow other server ...)
+ TODO: check
CVE-2022-39301
RESERVED
-CVE-2022-39300
- RESERVED
+CVE-2022-39300 (node SAML is a SAML 2.0 library based on the SAML implementation of pa ...)
+ TODO: check
CVE-2022-39299 (Passport-SAML is a SAML 2.0 authentication provider for Passport, the ...)
NOT-FOR-US: Passport-SAML
CVE-2022-39298 (MelisFront is the engine that displays website hosted on Melis Platfor ...)
@@ -8527,8 +8532,8 @@ CVE-2022-39297 (MelisCms provides a full CMS for Melis Platform, including templ
NOT-FOR-US: MelisCms
CVE-2022-39296 (MelisAssetManager provides deliveries of Melis Platform's assets locat ...)
NOT-FOR-US: MelisAssetManager
-CVE-2022-39295
- RESERVED
+CVE-2022-39295 (Knowage is an open source suite for modern business analytics alternat ...)
+ TODO: check
CVE-2022-39294
RESERVED
CVE-2022-39293 (Azure RTOS USBX is a high-performance USB host, device, and on-the-go ...)
@@ -8583,8 +8588,8 @@ CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in versio
NOT-FOR-US: dparse (parser for Python dependency files)
CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board which adds ...)
NOT-FOR-US: discourse-chat plugin for Discourse
-CVE-2022-39278
- RESERVED
+CVE-2022-39278 (Istio is an open platform-independent service mesh that provides traff ...)
+ TODO: check
CVE-2022-39277
RESERVED
CVE-2022-39276
@@ -8715,8 +8720,8 @@ CVE-2022-39231 (Parse Server is an open source backend that can be deployed to a
NOT-FOR-US: Node parse-server
CVE-2022-39230 (fhir-works-on-aws-authz-smart is an implementation of the authorizatio ...)
NOT-FOR-US: fhir-works-on-aws-authz-smart
-CVE-2022-39229
- RESERVED
+CVE-2022-39229 (Grafana is an open source data visualization platform for metrics, log ...)
+ TODO: check
CVE-2022-39228
RESERVED
CVE-2022-39227 (python-jwt is a module for generating and verifying JSON Web Tokens. V ...)
@@ -8779,8 +8784,8 @@ CVE-2022-39203 (matrix-appservice-irc is an open source Node.js IRC bridge for M
NOT-FOR-US: matrix-appservice-irc
CVE-2022-39202 (matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. ...)
NOT-FOR-US: matrix-appservice-irc
-CVE-2022-39201
- RESERVED
+CVE-2022-39201 (Grafana is an open source observability and data visualization platfor ...)
+ TODO: check
CVE-2022-39200 (Dendrite is a Matrix homeserver written in Go. In affected versions ev ...)
NOT-FOR-US: Dendrite
CVE-2022-39199
@@ -12018,8 +12023,8 @@ CVE-2022-2782
RESERVED
CVE-2022-2781 (In affected versions of Octopus Server it was identified that the same ...)
NOT-FOR-US: Octopus
-CVE-2022-2780
- RESERVED
+CVE-2022-2780 (In affected versions of Octopus Server it is possible to use the Git C ...)
+ TODO: check
CVE-2022-2779 (A vulnerability classified as critical was found in SourceCodester Gas ...)
NOT-FOR-US: SourceCodester Gas Agency Management System
CVE-2022-2778 (In affected versions of Octopus Deploy it is possible to bypass rate l ...)
@@ -15537,10 +15542,10 @@ CVE-2022-36805
RESERVED
CVE-2022-36804 (Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7 ...)
NOT-FOR-US: Atlassian
-CVE-2022-36803
- RESERVED
-CVE-2022-36802
- RESERVED
+CVE-2022-36803 (The MasterUserEdit API in Atlassian Jira Align Server before version 1 ...)
+ TODO: check
+CVE-2022-36802 (The ManageJiraConnectors API in Atlassian Jira Align before version 10 ...)
+ TODO: check
CVE-2022-36801 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
NOT-FOR-US: Atlassian
CVE-2022-36800 (Affected versions of Atlassian Jira Service Management Server and Data ...)
@@ -17721,8 +17726,8 @@ CVE-2022-35946 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a
CVE-2022-35945 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free ...)
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2022-35944
- RESERVED
+CVE-2022-35944 (October is a self-hosted Content Management System (CMS) platform base ...)
+ TODO: check
CVE-2022-35943 (Shield is an authentication and authorization framework for CodeIgnite ...)
- codeigniter <itp> (bug #471583)
CVE-2022-35942 (Improper input validation on the `contains` LoopBack filter may allow ...)
@@ -18570,10 +18575,10 @@ CVE-2022-35614
RESERVED
CVE-2022-35613
RESERVED
-CVE-2022-35612
- RESERVED
-CVE-2022-35611
- RESERVED
+CVE-2022-35612 (A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below ...)
+ TODO: check
+CVE-2022-35611 (A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows ...)
+ TODO: check
CVE-2022-35610
RESERVED
CVE-2022-35609
@@ -19828,12 +19833,12 @@ CVE-2022-35138
RESERVED
CVE-2022-35137 (DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain mult ...)
NOT-FOR-US: DGIOT Lightweight industrial IoT
-CVE-2022-35136
- RESERVED
-CVE-2022-35135
- RESERVED
-CVE-2022-35134
- RESERVED
+CVE-2022-35136 (Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticat ...)
+ TODO: check
+CVE-2022-35135 (Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privilege ...)
+ TODO: check
+CVE-2022-35134 (Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) ...)
+ TODO: check
CVE-2022-35133 (A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allo ...)
- cherrytree <not-affected> (No vulnerable version ever uploaded, introduced in 0.99.44 and fixed in 0.99.45)
NOTE: https://drive.google.com/file/d/1Pidkh2MAQkue81dS7SI-d16Vun_s5tot/view?usp=sharing
@@ -22976,10 +22981,10 @@ CVE-2022-34024 (Barangay Management System v1.0 was discovered to contain an arb
NOT-FOR-US: Barangay Management System
CVE-2022-34023 (Barangay Management System v1.0 was discovered to contain a SQL inject ...)
NOT-FOR-US: Barangay Management System
-CVE-2022-34022
- RESERVED
-CVE-2022-34021
- RESERVED
+CVE-2022-34022 (SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network S ...)
+ TODO: check
+CVE-2022-34021 (Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Plat ...)
+ TODO: check
CVE-2022-34020 (Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT P ...)
NOT-FOR-US: DellResIOT
CVE-2022-34019
@@ -27778,8 +27783,8 @@ CVE-2022-32179
RESERVED
CVE-2022-32178
RESERVED
-CVE-2022-32177
- RESERVED
+CVE-2022-32177 (In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable ...)
+ TODO: check
CVE-2022-32176
RESERVED
CVE-2022-32175 (In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to ...)
@@ -30793,8 +30798,8 @@ CVE-2022-31132 (Nextcloud Mail is an email application for the nextcloud persona
NOT-FOR-US: Nextcloud Mail
CVE-2022-31131 (Nextcloud mail is a Mail app for the Nextcloud home server product. Ve ...)
NOT-FOR-US: Nextcloud Mail app
-CVE-2022-31130
- RESERVED
+CVE-2022-31130 (Grafana is an open source observability and data visualization platfor ...)
+ TODO: check
CVE-2022-31129 (moment is a JavaScript date library for parsing, validating, manipulat ...)
- node-moment 2.29.4+ds-1 (bug #1014845)
[bullseye] - node-moment 2.29.1+ds-2+deb11u2
@@ -30812,8 +30817,8 @@ CVE-2022-31125 (Roxy-wi is an open source web interface for managing Haproxy, Ng
NOT-FOR-US: Roxy-wi
CVE-2022-31124 (openssh_key_parser is an open source Python package providing utilitie ...)
NOT-FOR-US: openssh_key_parser
-CVE-2022-31123
- RESERVED
+CVE-2022-31123 (Grafana is an open source observability and data visualization platfor ...)
+ TODO: check
CVE-2022-31122
RESERVED
CVE-2022-31121 (Hyperledger Fabric is a permissioned distributed ledger framework. In ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e597bf16b9d8332df35e8b29e6d651b6b2a8a1a0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e597bf16b9d8332df35e8b29e6d651b6b2a8a1a0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221014/2c564a06/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list