[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 14 21:10:37 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99dfb1f5 by security tracker role at 2022-10-14T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,95 @@
-CVE-2022-42919
+CVE-2022-42948
+	RESERVED
+CVE-2022-42947
+	RESERVED
+CVE-2022-42946
+	RESERVED
+CVE-2022-42945
+	RESERVED
+CVE-2022-42944
+	RESERVED
+CVE-2022-42943
+	RESERVED
+CVE-2022-42942
+	RESERVED
+CVE-2022-42941
+	RESERVED
+CVE-2022-42940
+	RESERVED
+CVE-2022-42939
+	RESERVED
+CVE-2022-42938
+	RESERVED
+CVE-2022-42937
+	RESERVED
+CVE-2022-42936
+	RESERVED
+CVE-2022-42935
+	RESERVED
+CVE-2022-42934
+	RESERVED
+CVE-2022-42933
+	RESERVED
+CVE-2022-42932
+	RESERVED
+CVE-2022-42931
+	RESERVED
+CVE-2022-42930
+	RESERVED
+CVE-2022-42929
 	RESERVED
-CVE-2022-3503
+CVE-2022-42928
 	RESERVED
-CVE-2022-3502
+CVE-2022-42927
 	RESERVED
+CVE-2022-42926
+	RESERVED
+CVE-2022-42925
+	RESERVED
+CVE-2022-42924
+	RESERVED
+CVE-2022-42923
+	RESERVED
+CVE-2022-42922
+	RESERVED
+CVE-2022-42921
+	RESERVED
+CVE-2022-42920
+	RESERVED
+CVE-2022-3517
+	RESERVED
+CVE-2022-3516
+	RESERVED
+CVE-2022-3515
+	RESERVED
+CVE-2022-3514
+	RESERVED
+CVE-2022-3513
+	RESERVED
+CVE-2022-3512
+	RESERVED
+CVE-2022-3511
+	RESERVED
+CVE-2022-3510
+	RESERVED
+CVE-2022-3509
+	RESERVED
+CVE-2022-3508
+	RESERVED
+CVE-2022-3507
+	RESERVED
+CVE-2022-3506 (Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/re ...)
+	TODO: check
+CVE-2022-3505 (A vulnerability was found in SourceCodester Sanitization Management Sy ...)
+	TODO: check
+CVE-2022-3504 (A vulnerability was found in SourceCodester Sanitization Management Sy ...)
+	TODO: check
+CVE-2022-42919
+	RESERVED
+CVE-2022-3503 (A vulnerability was found in SourceCodester Purchase Order Management  ...)
+	TODO: check
+CVE-2022-3502 (A vulnerability was found in Human Resource Management System 1.0. It  ...)
+	TODO: check
 CVE-2022-3501
 	RESERVED
 CVE-2022-3500
@@ -70,8 +156,7 @@ CVE-2022-3481
 	RESERVED
 CVE-2022-3480
 	RESERVED
-CVE-2022-3479
-	RESERVED
+CVE-2022-3479 (A vulnerability found in nss. By this security vulnerability, nss clie ...)
 	- nss <unfixed> (bug #1021786)
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1774654
 CVE-2022-42907
@@ -527,8 +612,8 @@ CVE-2022-3441
 	RESERVED
 CVE-2022-3440
 	RESERVED
-CVE-2022-3439
-	RESERVED
+CVE-2022-3439 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+	TODO: check
 CVE-2022-3438 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-42731 (mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows ...)
@@ -619,14 +704,14 @@ CVE-2022-42703 (mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2351
 CVE-2022-3436 (A vulnerability classified as critical was found in SourceCodester Web ...)
 	NOT-FOR-US: SourceCodester Web-Based Student Clearance System
-CVE-2022-42488
-	RESERVED
-CVE-2022-42464
-	RESERVED
-CVE-2022-42463
-	RESERVED
-CVE-2022-41686
-	RESERVED
+CVE-2022-42488 (OpenHarmony-v3.1.2 and prior versions have a Missing permission valida ...)
+	TODO: check
+CVE-2022-42464 (OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a ...)
+	TODO: check
+CVE-2022-42463 (OpenHarmony-v3.1.2 and prior versions have an authenication bypass vul ...)
+	TODO: check
+CVE-2022-41686 (OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a ...)
+	TODO: check
 CVE-2022-3434 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
 	NOT-FOR-US: SourceCodester Web-Based Student Clearance System
 CVE-2022-3435 (A vulnerability classified as problematic has been found in Linux Kern ...)
@@ -1651,12 +1736,12 @@ CVE-2022-42236 (A Stored XSS issue in Merchandise Online Store v.1.0 allows to i
 	NOT-FOR-US: Merchandise Online Store
 CVE-2022-42235 (A Stored XSS issue in Student Clearance System v.1.0 allows the inject ...)
 	NOT-FOR-US: Student Clearance System
-CVE-2022-42234
-	RESERVED
+CVE-2022-42234 (There is a file inclusion vulnerability in the template management mod ...)
+	TODO: check
 CVE-2022-42233
 	RESERVED
-CVE-2022-42232
-	RESERVED
+CVE-2022-42232 (Simple Cold Storage Management System v1.0 is vulnerable to SQL Inject ...)
+	TODO: check
 CVE-2022-42231
 	RESERVED
 CVE-2022-42230 (Simple Cold Storage Management System v1.0 is vulnerable to SQL Inject ...)
@@ -1977,22 +2062,22 @@ CVE-2022-42073 (Online Diagnostic Lab Management System v1.0 is vulnerable to SQ
 	NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-42072
 	RESERVED
-CVE-2022-42071
-	RESERVED
-CVE-2022-42070
-	RESERVED
-CVE-2022-42069
-	RESERVED
+CVE-2022-42071 (Online Birth Certificate Management System version 1.0 suffers from a  ...)
+	TODO: check
+CVE-2022-42070 (Online Birth Certificate Management System version 1.0 is vulnerable t ...)
+	TODO: check
+CVE-2022-42069 (Online Birth Certificate Management System version 1.0 suffers from a  ...)
+	TODO: check
 CVE-2022-42068
 	RESERVED
-CVE-2022-42067
-	RESERVED
-CVE-2022-42066
-	RESERVED
+CVE-2022-42067 (Online Birth Certificate Management System version 1.0 suffers from an ...)
+	TODO: check
+CVE-2022-42066 (Online Examination System version 1.0 suffers from a cross site script ...)
+	TODO: check
 CVE-2022-42065
 	RESERVED
-CVE-2022-42064
-	RESERVED
+CVE-2022-42064 (Online Diagnostic Lab Management System version 1.0 remote exploit tha ...)
+	TODO: check
 CVE-2022-42063
 	RESERVED
 CVE-2022-42062
@@ -2811,8 +2896,7 @@ CVE-2022-41717
 	RESERVED
 CVE-2022-41716
 	RESERVED
-CVE-2022-41715
-	RESERVED
+CVE-2022-41715 (Programs which compile regular expressions from untrusted sources may  ...)
 	- golang-1.19 1.19.2-1
 	- golang-1.18 1.18.7-1
 	- golang-1.17 <unfixed>
@@ -2977,62 +3061,62 @@ CVE-2022-41605
 	RESERVED
 CVE-2022-41604 (Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows lo ...)
 	NOT-FOR-US: Check Point ZoneAlarm Extreme Security
-CVE-2022-41603
-	RESERVED
-CVE-2022-41602
-	RESERVED
-CVE-2022-41601
-	RESERVED
-CVE-2022-41600
-	RESERVED
+CVE-2022-41603 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+	TODO: check
+CVE-2022-41602 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+	TODO: check
+CVE-2022-41601 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+	TODO: check
+CVE-2022-41600 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+	TODO: check
 CVE-2022-41599
 	RESERVED
-CVE-2022-41598
-	RESERVED
-CVE-2022-41597
-	RESERVED
+CVE-2022-41598 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+	TODO: check
+CVE-2022-41597 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+	TODO: check
 CVE-2022-41596
 	RESERVED
-CVE-2022-41595
-	RESERVED
-CVE-2022-41594
-	RESERVED
-CVE-2022-41593
-	RESERVED
-CVE-2022-41592
-	RESERVED
+CVE-2022-41595 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+	TODO: check
+CVE-2022-41594 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+	TODO: check
+CVE-2022-41593 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+	TODO: check
+CVE-2022-41592 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+	TODO: check
 CVE-2022-41591
 	RESERVED
 CVE-2022-41590
 	RESERVED
-CVE-2022-41589
-	RESERVED
-CVE-2022-41588
-	RESERVED
-CVE-2022-41587
-	RESERVED
-CVE-2022-41586
-	RESERVED
-CVE-2022-41585
-	RESERVED
-CVE-2022-41584
-	RESERVED
-CVE-2022-41583
-	RESERVED
-CVE-2022-41582
-	RESERVED
-CVE-2022-41581
-	RESERVED
-CVE-2022-41580
-	RESERVED
+CVE-2022-41589 (The DFX unwind stack module of the ArkCompiler has a vulnerability in  ...)
+	TODO: check
+CVE-2022-41588 (The home screen module has a vulnerability in service logic processing ...)
+	TODO: check
+CVE-2022-41587 (Uncaptured exceptions in the home screen module. Successful exploitati ...)
+	TODO: check
+CVE-2022-41586 (The communication framework module has a vulnerability of not truncati ...)
+	TODO: check
+CVE-2022-41585 (The kernel module has an out-of-bounds read vulnerability.Successful e ...)
+	TODO: check
+CVE-2022-41584 (The kernel module has an out-of-bounds read vulnerability.Successful e ...)
+	TODO: check
+CVE-2022-41583 (The storage maintenance and debugging module has an array out-of-bound ...)
+	TODO: check
+CVE-2022-41582 (The security module has configuration defects.Successful exploitation  ...)
+	TODO: check
+CVE-2022-41581 (The HW_KEYMASTER module has a vulnerability of not verifying the data  ...)
+	TODO: check
+CVE-2022-41580 (The HW_KEYMASTER module has a vulnerability of not verifying the data  ...)
+	TODO: check
 CVE-2022-41579
 	RESERVED
-CVE-2022-41578
-	RESERVED
-CVE-2022-41577
-	RESERVED
-CVE-2022-41576
-	RESERVED
+CVE-2022-41578 (The MPTCP module has an out-of-bounds write vulnerability.Successful e ...)
+	TODO: check
+CVE-2022-41577 (The kernel server has a vulnerability of not verifying the length of t ...)
+	TODO: check
+CVE-2022-41576 (The rphone module has a script that can be maliciously modified.Succes ...)
+	TODO: check
 CVE-2022-41575
 	RESERVED
 CVE-2022-41574 (An access-control vulnerability in Gradle Enterprise 2022.4 through 20 ...)
@@ -3156,10 +3240,10 @@ CVE-2022-27628
 	RESERVED
 CVE-2022-26375
 	RESERVED
-CVE-2021-46840
-	RESERVED
-CVE-2021-46839
-	RESERVED
+CVE-2021-46840 (The HW_KEYMASTER module has an out-of-bounds access vulnerability in p ...)
+	TODO: check
+CVE-2021-46839 (The HW_KEYMASTER module has a vulnerability of missing bounds check on ...)
+	TODO: check
 CVE-2020-36605
 	RESERVED
 CVE-2022-41568
@@ -3478,8 +3562,8 @@ CVE-2022-41479
 	RESERVED
 CVE-2022-41478
 	RESERVED
-CVE-2022-41477
-	RESERVED
+CVE-2022-41477 (A security issue was discovered in WeBid <=1.2.2. A Server-Side Req ...)
+	TODO: check
 CVE-2022-41476
 	RESERVED
 CVE-2022-41475 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (C ...)
@@ -3948,20 +4032,20 @@ CVE-2022-41310
 	RESERVED
 CVE-2022-41309
 	RESERVED
-CVE-2022-41308
-	RESERVED
-CVE-2022-41307
-	RESERVED
-CVE-2022-41306
-	RESERVED
-CVE-2022-41305
-	RESERVED
-CVE-2022-41304
-	RESERVED
-CVE-2022-41303
-	RESERVED
-CVE-2022-41302
-	RESERVED
+CVE-2022-41308 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
+	TODO: check
+CVE-2022-41307 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
+	TODO: check
+CVE-2022-41306 (A maliciously crafted PCT file when consumed through DesignReview.exe  ...)
+	TODO: check
+CVE-2022-41305 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
+	TODO: check
+CVE-2022-41304 (An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version  ...)
+	TODO: check
+CVE-2022-41303 (A user may be tricked into opening a malicious FBX file which may expl ...)
+	TODO: check
+CVE-2022-41302 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020.  ...)
+	TODO: check
 CVE-2022-41301 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
 	NOT-FOR-US: Autodesk
 CVE-2022-41300
@@ -8520,8 +8604,8 @@ CVE-2022-39310
 	RESERVED
 CVE-2022-39309
 	RESERVED
-CVE-2022-39308
-	RESERVED
+CVE-2022-39308 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
+	TODO: check
 CVE-2022-39307
 	RESERVED
 CVE-2022-39306
@@ -9009,58 +9093,58 @@ CVE-2022-39130
 	RESERVED
 CVE-2022-39129
 	RESERVED
-CVE-2022-39128
-	RESERVED
-CVE-2022-39127
-	RESERVED
-CVE-2022-39126
-	RESERVED
-CVE-2022-39125
-	RESERVED
-CVE-2022-39124
-	RESERVED
-CVE-2022-39123
-	RESERVED
-CVE-2022-39122
-	RESERVED
-CVE-2022-39121
-	RESERVED
-CVE-2022-39120
-	RESERVED
+CVE-2022-39128 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+	TODO: check
+CVE-2022-39127 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+	TODO: check
+CVE-2022-39126 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+	TODO: check
+CVE-2022-39125 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+	TODO: check
+CVE-2022-39124 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+	TODO: check
+CVE-2022-39123 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+	TODO: check
+CVE-2022-39122 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+	TODO: check
+CVE-2022-39121 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+	TODO: check
+CVE-2022-39120 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+	TODO: check
 CVE-2022-39119 (In network service, there is a missing permission check. This could le ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-39118
 	RESERVED
-CVE-2022-39117
-	RESERVED
+CVE-2022-39117 (In messaging service, there is a missing permission check. This could  ...)
+	TODO: check
 CVE-2022-39116
 	RESERVED
-CVE-2022-39115
-	RESERVED
-CVE-2022-39114
-	RESERVED
-CVE-2022-39113
-	RESERVED
-CVE-2022-39112
-	RESERVED
-CVE-2022-39111
-	RESERVED
-CVE-2022-39110
-	RESERVED
-CVE-2022-39109
-	RESERVED
-CVE-2022-39108
-	RESERVED
-CVE-2022-39107
-	RESERVED
+CVE-2022-39115 (In Music service, there is a missing permission check. This could lead ...)
+	TODO: check
+CVE-2022-39114 (In Music service, there is a missing permission check. This could lead ...)
+	TODO: check
+CVE-2022-39113 (In Music service, there is a missing permission check. This could lead ...)
+	TODO: check
+CVE-2022-39112 (In Music service, there is a missing permission check. This could lead ...)
+	TODO: check
+CVE-2022-39111 (In Music service, there is a missing permission check. This could lead ...)
+	TODO: check
+CVE-2022-39110 (In Music service, there is a missing permission check. This could lead ...)
+	TODO: check
+CVE-2022-39109 (In Music service, there is a missing permission check. This could lead ...)
+	TODO: check
+CVE-2022-39108 (In Music service, there is a missing permission check. This could lead ...)
+	TODO: check
+CVE-2022-39107 (In Soundrecorder service, there is a missing permission check. This co ...)
+	TODO: check
 CVE-2022-39106
 	RESERVED
-CVE-2022-39105
-	RESERVED
+CVE-2022-39105 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+	TODO: check
 CVE-2022-39104
 	RESERVED
-CVE-2022-39103
-	RESERVED
+CVE-2022-39103 (In Gallery service, there is a missing permission check. This could le ...)
+	TODO: check
 CVE-2022-39102
 	RESERVED
 CVE-2022-39101
@@ -9105,8 +9189,8 @@ CVE-2022-39082
 	RESERVED
 CVE-2022-39081
 	RESERVED
-CVE-2022-39080
-	RESERVED
+CVE-2022-39080 (In messaging service, there is a missing permission check. This could  ...)
+	TODO: check
 CVE-2022-3082
 	RESERVED
 CVE-2022-3081
@@ -9185,10 +9269,10 @@ CVE-2022-39067
 	RESERVED
 CVE-2022-39066
 	RESERVED
-CVE-2022-39065
-	RESERVED
-CVE-2022-39064
-	RESERVED
+CVE-2022-39065 (A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI ...)
+	TODO: check
+CVE-2022-39064 (An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame ma ...)
+	TODO: check
 CVE-2022-39063 (When Open5GS UPF receives a PFCP Session Establishment Request, it sto ...)
 	NOT-FOR-US: Open5GS UPF
 CVE-2022-39062
@@ -9420,8 +9504,8 @@ CVE-2022-39013 (Under certain conditions an authenticated attacker can get acces
 	NOT-FOR-US: SAP
 CVE-2022-39012
 	RESERVED
-CVE-2022-39011
-	RESERVED
+CVE-2022-39011 (The HISP module has a vulnerability of bypassing the check of the data ...)
+	TODO: check
 CVE-2022-39010 (The HwChrService module has a vulnerability in permission control. Suc ...)
 	NOT-FOR-US: Huawei
 CVE-2022-39009 (The WLAN module has a vulnerability in permission verification. Succes ...)
@@ -9446,8 +9530,8 @@ CVE-2022-39000 (The iAware module has a vulnerability in managing malicious apps
 	NOT-FOR-US: Huawei
 CVE-2022-38999 (The AOD module has the improper update of reference count vulnerabilit ...)
 	NOT-FOR-US: Huawei
-CVE-2022-38998
-	RESERVED
+CVE-2022-38998 (The HISP module has a vulnerability of not verifying the data transfer ...)
+	TODO: check
 CVE-2022-38997 (The secure OS module has configuration defects. Successful exploitatio ...)
 	NOT-FOR-US: Huawei
 CVE-2022-38996 (The secure OS module has configuration defects. Successful exploitatio ...)
@@ -9470,26 +9554,26 @@ CVE-2022-38988 (The secure OS module has configuration defects. Successful explo
 	NOT-FOR-US: Huawei
 CVE-2022-38987 (The secure OS module has configuration defects. Successful exploitatio ...)
 	NOT-FOR-US: Huawei
-CVE-2022-38986
-	RESERVED
-CVE-2022-38985
-	RESERVED
-CVE-2022-38984
-	RESERVED
-CVE-2022-38983
-	RESERVED
-CVE-2022-38982
-	RESERVED
-CVE-2022-38981
-	RESERVED
-CVE-2022-38980
-	RESERVED
+CVE-2022-38986 (The HIPP module has a vulnerability of bypassing the check of the data ...)
+	TODO: check
+CVE-2022-38985 (The facial recognition module has a vulnerability in input validation. ...)
+	TODO: check
+CVE-2022-38984 (The HIPP module has a vulnerability of not verifying the data transfer ...)
+	TODO: check
+CVE-2022-38983 (The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Succ ...)
+	TODO: check
+CVE-2022-38982 (The fingerprint module has service logic errors.Successful exploitatio ...)
+	TODO: check
+CVE-2022-38981 (The HwAirlink module has an out-of-bounds read vulnerability.Successfu ...)
+	TODO: check
+CVE-2022-38980 (The HwAirlink module has a heap overflow vulnerability in processing d ...)
+	TODO: check
 CVE-2022-38979 (The secure OS module has configuration defects. Successful exploitatio ...)
 	NOT-FOR-US: Huawei
 CVE-2022-38978 (The secure OS module has configuration defects. Successful exploitatio ...)
 	NOT-FOR-US: Huawei
-CVE-2022-38977
-	RESERVED
+CVE-2022-38977 (The HwAirlink module has a heap overflow vulnerability.Successful expl ...)
+	TODO: check
 CVE-2022-38970 (ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access C ...)
 	NOT-FOR-US: ieGeek IG20 hipcam RealServer
 CVE-2022-38969
@@ -10200,10 +10284,10 @@ CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content Securit
 	NOT-FOR-US: SnapCenter (NetAPP)
 CVE-2022-38731
 	RESERVED
-CVE-2022-2985
-	RESERVED
-CVE-2022-2984
-	RESERVED
+CVE-2022-2985 (In music service, there is a missing permission check. This could lead ...)
+	TODO: check
+CVE-2022-2984 (In jpg driver, there is a possible out of bounds write due to a missin ...)
+	TODO: check
 CVE-2022-2983
 	RESERVED
 CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0260. ...)
@@ -10322,8 +10406,8 @@ CVE-2022-2964 (A flaw was found in the Linux kernel’s driver for the ASIX
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581 (5.17-rc4)
-CVE-2022-2963
-	RESERVED
+CVE-2022-2963 (A vulnerability found in jasper. This security vulnerability happens b ...)
+	TODO: check
 CVE-2022-2962 (A DMA reentrancy issue was found in the Tulip device emulation in QEMU ...)
 	- qemu 1:7.1+dfsg-2 (bug #1018055)
 	[bullseye] - qemu <no-dsa> (Minor issue)
@@ -10354,10 +10438,10 @@ CVE-2022-2954
 	RESERVED
 CVE-2022-38699 (Armoury Crate Service’s logging function has insufficient valida ...)
 	NOT-FOR-US: Armoury Crate Service
-CVE-2022-38698
-	RESERVED
-CVE-2022-38697
-	RESERVED
+CVE-2022-38698 (In messaging service, there is a missing permission check. This could  ...)
+	TODO: check
+CVE-2022-38697 (In messaging service, there is a missing permission check. This could  ...)
+	TODO: check
 CVE-2022-38696
 	RESERVED
 CVE-2022-38695
@@ -10370,14 +10454,14 @@ CVE-2022-38692
 	RESERVED
 CVE-2022-38691
 	RESERVED
-CVE-2022-38690
-	RESERVED
-CVE-2022-38689
-	RESERVED
-CVE-2022-38688
-	RESERVED
-CVE-2022-38687
-	RESERVED
+CVE-2022-38690 (In camera driver, there is a possible memory corruption due to imprope ...)
+	TODO: check
+CVE-2022-38689 (In telephony service, there is a missing permission check. This could  ...)
+	TODO: check
+CVE-2022-38688 (In telephony service, there is a missing permission check. This could  ...)
+	TODO: check
+CVE-2022-38687 (In messaging service, there is a missing permission check. This could  ...)
+	TODO: check
 CVE-2022-38686
 	RESERVED
 CVE-2022-38685
@@ -10392,28 +10476,28 @@ CVE-2022-38681
 	RESERVED
 CVE-2022-38680
 	RESERVED
-CVE-2022-38679
-	RESERVED
+CVE-2022-38679 (In music service, there is a missing permission check. This could lead ...)
+	TODO: check
 CVE-2022-38678
 	RESERVED
-CVE-2022-38677
-	RESERVED
-CVE-2022-38676
-	RESERVED
+CVE-2022-38677 (In cell service, there is a missing permission check. This could lead  ...)
+	TODO: check
+CVE-2022-38676 (In gpu driver, there is a possible out of bounds write due to a missin ...)
+	TODO: check
 CVE-2022-38675
 	RESERVED
 CVE-2022-38674
 	RESERVED
-CVE-2022-38673
-	RESERVED
-CVE-2022-38672
-	RESERVED
-CVE-2022-38671
-	RESERVED
-CVE-2022-38670
-	RESERVED
-CVE-2022-38669
-	RESERVED
+CVE-2022-38673 (In face detect driver, there is a possible out of bounds write due to  ...)
+	TODO: check
+CVE-2022-38672 (In face detect driver, there is a possible out of bounds write due to  ...)
+	TODO: check
+CVE-2022-38671 (In camera driver, there is a possible out of bounds write due to a mis ...)
+	TODO: check
+CVE-2022-38670 (In soundrecorder service, there is a missing permission check. This co ...)
+	TODO: check
+CVE-2022-38669 (In soundrecorder service, there is a missing permission check. This co ...)
+	TODO: check
 CVE-2022-38668 (HTTP applications (servers) based on Crow through 1.0+4 may reveal pot ...)
 	NOT-FOR-US: CrowCpp
 CVE-2022-38667 (HTTP applications (servers) based on Crow through 1.0+4 may allow a Us ...)
@@ -11260,8 +11344,7 @@ CVE-2022-2881 (The underlying bug might cause read past end of the buffer and ei
 	NOTE: https://kb.isc.org/docs/cve-2022-2881
 	NOTE: Exposed after (but not only requirement): https://gitlab.isc.org/isc-projects/bind9/-/commit/69c1ee1ce9f801aaa082bb3abf5969b46699f70a (v9_17_4)
 	NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/13333db69f9b9710a98c86f44276e01e95420fa0 (v9_18_7)
-CVE-2022-2880
-	RESERVED
+CVE-2022-2880 (Requests forwarded by ReverseProxy include the raw query parameters fr ...)
 	- golang-1.19 1.19.2-1
 	- golang-1.18 1.18.7-1
 	- golang-1.17 <unfixed>
@@ -11270,8 +11353,7 @@ CVE-2022-2880
 	NOTE: https://go.dev/issue/54663
 	NOTE: https://github.com/golang/go/commit/f6d844510d5f1e3b3098eba255d9b633d45eac3b (go1.19.2)
 	NOTE: https://github.com/golang/go/commit/9d2c73a9fd69e45876509bb3bdb2af99bf77da1e (go1.18.7)
-CVE-2022-2879
-	RESERVED
+CVE-2022-2879 (Reader.Read does not set a limit on the maximum size of file headers.  ...)
 	- golang-1.19 1.19.2-1
 	- golang-1.18 1.18.7-1
 	- golang-1.17 <unfixed>
@@ -11436,8 +11518,7 @@ CVE-2022-38369 (Apache IoTDB version 0.13.0 is vulnerable by session id attack.
 	NOT-FOR-US: Apache IoTDB
 CVE-2022-2851
 	RESERVED
-CVE-2022-2850 [SIGSEGV in sync_repl]
-	RESERVED
+CVE-2022-2850 (A flaw was found In 389-ds-base. When the Content Synchronization plug ...)
 	- 389-ds-base <unfixed> (bug #1018054)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2118691
 	NOTE: https://github.com/389ds/389-ds-base/issues/4711#issuecomment-1205100979
@@ -13374,10 +13455,10 @@ CVE-2022-37605
 	RESERVED
 CVE-2022-37604
 	RESERVED
-CVE-2022-37603
-	RESERVED
-CVE-2022-37602
-	RESERVED
+CVE-2022-37603 (A Regular expression denial of service (ReDoS) flaw was found in Funct ...)
+	TODO: check
+CVE-2022-37602 (Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 vi ...)
+	TODO: check
 CVE-2022-37601 (Prototype pollution vulnerability in function parseQuery in parseQuery ...)
 	TODO: check
 CVE-2022-37600
@@ -20066,46 +20147,46 @@ CVE-2022-35060 (OTFCC commit 617837b was discovered to contain a heap buffer ove
 	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
 	[buster] - texlive-bin <not-affected> (Vulnerable code not present)
 	NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
-CVE-2022-35059
-	RESERVED
-CVE-2022-35058
-	RESERVED
+CVE-2022-35059 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35058 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
 CVE-2022-35057
 	RESERVED
-CVE-2022-35056
-	RESERVED
-CVE-2022-35055
-	RESERVED
-CVE-2022-35054
-	RESERVED
-CVE-2022-35053
-	RESERVED
-CVE-2022-35052
-	RESERVED
-CVE-2022-35051
-	RESERVED
-CVE-2022-35050
-	RESERVED
-CVE-2022-35049
-	RESERVED
-CVE-2022-35048
-	RESERVED
-CVE-2022-35047
-	RESERVED
-CVE-2022-35046
-	RESERVED
-CVE-2022-35045
-	RESERVED
-CVE-2022-35044
-	RESERVED
-CVE-2022-35043
-	RESERVED
-CVE-2022-35042
-	RESERVED
-CVE-2022-35041
-	RESERVED
-CVE-2022-35040
-	RESERVED
+CVE-2022-35056 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35055 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35054 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35053 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35052 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35051 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35050 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35049 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35048 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35047 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35046 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35045 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35044 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35043 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35042 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35041 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
+CVE-2022-35040 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
+	TODO: check
 CVE-2022-35039 (OTFCC commit 617837b was discovered to contain a heap buffer overflow  ...)
 	- texlive-bin <unfixed> (unimportant)
 	[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
@@ -27858,8 +27939,7 @@ CVE-2022-32151 (The httplib and urllib Python libraries that Splunk shipped with
 	NOT-FOR-US: Splunk
 CVE-2022-32150
 	RESERVED
-CVE-2022-32149
-	RESERVED
+CVE-2022-32149 (An attacker may cause a denial of service by crafting an Accept-Langua ...)
 	- golang-golang-x-text <unfixed> (bug #1021785)
 	NOTE: https://groups.google.com/g/golang-dev/c/qfPIly0X7aU.
 	NOTE: https://go.dev/issue/56152.
@@ -37873,14 +37953,14 @@ CVE-2022-28764
 	RESERVED
 CVE-2022-28763
 	RESERVED
-CVE-2022-28762
-	RESERVED
-CVE-2022-28761
-	RESERVED
-CVE-2022-28760
-	RESERVED
-CVE-2022-28759
-	RESERVED
+CVE-2022-28762 (Zoom Client for Meetings for macOS (Standard and for IT Admin) startin ...)
+	TODO: check
+CVE-2022-28761 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131  ...)
+	TODO: check
+CVE-2022-28760 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130  ...)
+	TODO: check
+CVE-2022-28759 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130  ...)
+	TODO: check
 CVE-2022-28758 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130  ...)
 	NOT-FOR-US: Zoom
 CVE-2022-28757 (The Zoom Client for Meetings for macOS (Standard and for IT Admin) sta ...)
@@ -72661,8 +72741,8 @@ CVE-2022-20466
 	RESERVED
 CVE-2022-20465
 	RESERVED
-CVE-2022-20464
-	RESERVED
+CVE-2022-20464 (In various functions of ap_input_processor.c, there is a possible way  ...)
+	TODO: check
 CVE-2022-20463
 	RESERVED
 CVE-2022-20462
@@ -72815,8 +72895,8 @@ CVE-2022-20399 (In the SEPolicy configuration of system apps, there is a possibl
 	NOT-FOR-US: Android
 CVE-2022-20398 (In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way ...)
 	NOT-FOR-US: Android
-CVE-2022-20397
-	RESERVED
+CVE-2022-20397 (In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of ...)
+	TODO: check
 CVE-2022-20396 (In SettingsActivity.java, there is a possible way to make a device dis ...)
 	NOT-FOR-US: Android
 CVE-2022-20395 (In checkAccess of MediaProvider.java, there is a possible file deletio ...)
@@ -89598,7 +89678,7 @@ CVE-2021-36203 (The affected product may allow an attacker to identify and forge
 	NOT-FOR-US: Johnson Controls
 CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls M ...)
 	NOT-FOR-US: Johnson Controls Metasys
-CVE-2021-36201 (Under certain circumstances a C•CURE Portal user could enumerate ...)
+CVE-2021-36201 (Under certain circumstances a CCURE Portal user could enumerate user a ...)
 	TODO: check
 CVE-2021-36200 (Under certain circumstances an unauthenticated user could access the t ...)
 	NOT-FOR-US: Johnson Controls
@@ -104321,7 +104401,7 @@ CVE-2021-30498 (A flaw was found in libcaca. A heap buffer overflow in export.c
 	NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/ab04483ee1a846d6b74b2e6248e980152baec3f6 (v0.99.beta20)
 CVE-2021-30497 (Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users t ...)
 	NOT-FOR-US: Ivanti
-CVE-2021-30496 (The Telegram app 7.6.2 for iOS allows remote authenticated users to ca ...)
+CVE-2021-30496 (** DISPUTED ** The Telegram app 7.6.2 for iOS allows remote authentica ...)
 	NOT-FOR-US: Telegram for iOS
 CVE-2021-30495
 	RESERVED
@@ -112111,8 +112191,8 @@ CVE-2021-27408 (The affected product is vulnerable to an out-of-bounds read, whi
 	NOT-FOR-US: Welch Allyn
 CVE-2021-27407
 	RESERVED
-CVE-2021-27406
-	RESERVED
+CVE-2021-27406 (An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1 ...)
+	TODO: check
 CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found in the @ ...)
 	NOT-FOR-US: Node scrapbox-parser
 CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injec ...)
@@ -123692,8 +123772,8 @@ CVE-2021-3021 (ISPConfig before 3.2.2 allows SQL injection. ...)
 CVE-2021-3020 (An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) throu ...)
 	- hawk <itp> (bug #634344)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1180571 (private)
-CVE-2021-22685
-	RESERVED
+CVE-2021-22685 (An attacker may be able to use minify route with a relative path to vi ...)
+	TODO: check
 CVE-2021-22684 (Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in  ...)
 	NOT-FOR-US: Tizen RT RTOS
 CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
@@ -130248,7 +130328,7 @@ CVE-2021-20601 (Improper input validation vulnerability in GOT2000 series GT27 m
 	NOT-FOR-US: Mitsubishi
 CVE-2021-20600 (Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R s ...)
 	NOT-FOR-US: Mitsubishi
-CVE-2021-20599 (Authorization bypass through user-controlled key vulnerability in MELS ...)
+CVE-2021-20599 (Cleartext transmission of sensitive information vulnerability in MELSE ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...)
 	NOT-FOR-US: Mitsubishi
@@ -140142,8 +140222,8 @@ CVE-2021-0701
 	RESERVED
 CVE-2021-0700
 	RESERVED
-CVE-2021-0699
-	RESERVED
+CVE-2021-0699 (In HTBLogKM of TBD, there is a possible out of bounds write due to a m ...)
+	TODO: check
 CVE-2021-0698 (In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel  ...)
 	NOT-FOR-US: Android
 CVE-2021-0697 (In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible use ...)
@@ -192834,7 +192914,7 @@ CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The
 	NOT-FOR-US: phpoffice/phpspreadsheet
 CVE-2020-7775 (This affects all versions of package freediskspace. The vulnerability  ...)
 	NOT-FOR-US: Node freediskspace
-CVE-2020-7774 (This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po ...)
+CVE-2020-7774 (The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Proto ...)
 	- node-y18n 4.0.0-3 (bug #976390)
 	[buster] - node-y18n 3.2.1-2+deb10u1
 	[stretch] - node-y18n <end-of-life> (Nodejs in stretch not covered by security support)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99dfb1f58a33581ea36bdb3dacab0c29c68f6c72

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99dfb1f58a33581ea36bdb3dacab0c29c68f6c72
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221014/2d67df42/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list