[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 14 21:10:37 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
99dfb1f5 by security tracker role at 2022-10-14T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,95 @@
-CVE-2022-42919
+CVE-2022-42948
+ RESERVED
+CVE-2022-42947
+ RESERVED
+CVE-2022-42946
+ RESERVED
+CVE-2022-42945
+ RESERVED
+CVE-2022-42944
+ RESERVED
+CVE-2022-42943
+ RESERVED
+CVE-2022-42942
+ RESERVED
+CVE-2022-42941
+ RESERVED
+CVE-2022-42940
+ RESERVED
+CVE-2022-42939
+ RESERVED
+CVE-2022-42938
+ RESERVED
+CVE-2022-42937
+ RESERVED
+CVE-2022-42936
+ RESERVED
+CVE-2022-42935
+ RESERVED
+CVE-2022-42934
+ RESERVED
+CVE-2022-42933
+ RESERVED
+CVE-2022-42932
+ RESERVED
+CVE-2022-42931
+ RESERVED
+CVE-2022-42930
+ RESERVED
+CVE-2022-42929
RESERVED
-CVE-2022-3503
+CVE-2022-42928
RESERVED
-CVE-2022-3502
+CVE-2022-42927
RESERVED
+CVE-2022-42926
+ RESERVED
+CVE-2022-42925
+ RESERVED
+CVE-2022-42924
+ RESERVED
+CVE-2022-42923
+ RESERVED
+CVE-2022-42922
+ RESERVED
+CVE-2022-42921
+ RESERVED
+CVE-2022-42920
+ RESERVED
+CVE-2022-3517
+ RESERVED
+CVE-2022-3516
+ RESERVED
+CVE-2022-3515
+ RESERVED
+CVE-2022-3514
+ RESERVED
+CVE-2022-3513
+ RESERVED
+CVE-2022-3512
+ RESERVED
+CVE-2022-3511
+ RESERVED
+CVE-2022-3510
+ RESERVED
+CVE-2022-3509
+ RESERVED
+CVE-2022-3508
+ RESERVED
+CVE-2022-3507
+ RESERVED
+CVE-2022-3506 (Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/re ...)
+ TODO: check
+CVE-2022-3505 (A vulnerability was found in SourceCodester Sanitization Management Sy ...)
+ TODO: check
+CVE-2022-3504 (A vulnerability was found in SourceCodester Sanitization Management Sy ...)
+ TODO: check
+CVE-2022-42919
+ RESERVED
+CVE-2022-3503 (A vulnerability was found in SourceCodester Purchase Order Management ...)
+ TODO: check
+CVE-2022-3502 (A vulnerability was found in Human Resource Management System 1.0. It ...)
+ TODO: check
CVE-2022-3501
RESERVED
CVE-2022-3500
@@ -70,8 +156,7 @@ CVE-2022-3481
RESERVED
CVE-2022-3480
RESERVED
-CVE-2022-3479
- RESERVED
+CVE-2022-3479 (A vulnerability found in nss. By this security vulnerability, nss clie ...)
- nss <unfixed> (bug #1021786)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1774654
CVE-2022-42907
@@ -527,8 +612,8 @@ CVE-2022-3441
RESERVED
CVE-2022-3440
RESERVED
-CVE-2022-3439
- RESERVED
+CVE-2022-3439 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+ TODO: check
CVE-2022-3438 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-42731 (mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows ...)
@@ -619,14 +704,14 @@ CVE-2022-42703 (mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2351
CVE-2022-3436 (A vulnerability classified as critical was found in SourceCodester Web ...)
NOT-FOR-US: SourceCodester Web-Based Student Clearance System
-CVE-2022-42488
- RESERVED
-CVE-2022-42464
- RESERVED
-CVE-2022-42463
- RESERVED
-CVE-2022-41686
- RESERVED
+CVE-2022-42488 (OpenHarmony-v3.1.2 and prior versions have a Missing permission valida ...)
+ TODO: check
+CVE-2022-42464 (OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a ...)
+ TODO: check
+CVE-2022-42463 (OpenHarmony-v3.1.2 and prior versions have an authenication bypass vul ...)
+ TODO: check
+CVE-2022-41686 (OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a ...)
+ TODO: check
CVE-2022-3434 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
NOT-FOR-US: SourceCodester Web-Based Student Clearance System
CVE-2022-3435 (A vulnerability classified as problematic has been found in Linux Kern ...)
@@ -1651,12 +1736,12 @@ CVE-2022-42236 (A Stored XSS issue in Merchandise Online Store v.1.0 allows to i
NOT-FOR-US: Merchandise Online Store
CVE-2022-42235 (A Stored XSS issue in Student Clearance System v.1.0 allows the inject ...)
NOT-FOR-US: Student Clearance System
-CVE-2022-42234
- RESERVED
+CVE-2022-42234 (There is a file inclusion vulnerability in the template management mod ...)
+ TODO: check
CVE-2022-42233
RESERVED
-CVE-2022-42232
- RESERVED
+CVE-2022-42232 (Simple Cold Storage Management System v1.0 is vulnerable to SQL Inject ...)
+ TODO: check
CVE-2022-42231
RESERVED
CVE-2022-42230 (Simple Cold Storage Management System v1.0 is vulnerable to SQL Inject ...)
@@ -1977,22 +2062,22 @@ CVE-2022-42073 (Online Diagnostic Lab Management System v1.0 is vulnerable to SQ
NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-42072
RESERVED
-CVE-2022-42071
- RESERVED
-CVE-2022-42070
- RESERVED
-CVE-2022-42069
- RESERVED
+CVE-2022-42071 (Online Birth Certificate Management System version 1.0 suffers from a ...)
+ TODO: check
+CVE-2022-42070 (Online Birth Certificate Management System version 1.0 is vulnerable t ...)
+ TODO: check
+CVE-2022-42069 (Online Birth Certificate Management System version 1.0 suffers from a ...)
+ TODO: check
CVE-2022-42068
RESERVED
-CVE-2022-42067
- RESERVED
-CVE-2022-42066
- RESERVED
+CVE-2022-42067 (Online Birth Certificate Management System version 1.0 suffers from an ...)
+ TODO: check
+CVE-2022-42066 (Online Examination System version 1.0 suffers from a cross site script ...)
+ TODO: check
CVE-2022-42065
RESERVED
-CVE-2022-42064
- RESERVED
+CVE-2022-42064 (Online Diagnostic Lab Management System version 1.0 remote exploit tha ...)
+ TODO: check
CVE-2022-42063
RESERVED
CVE-2022-42062
@@ -2811,8 +2896,7 @@ CVE-2022-41717
RESERVED
CVE-2022-41716
RESERVED
-CVE-2022-41715
- RESERVED
+CVE-2022-41715 (Programs which compile regular expressions from untrusted sources may ...)
- golang-1.19 1.19.2-1
- golang-1.18 1.18.7-1
- golang-1.17 <unfixed>
@@ -2977,62 +3061,62 @@ CVE-2022-41605
RESERVED
CVE-2022-41604 (Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows lo ...)
NOT-FOR-US: Check Point ZoneAlarm Extreme Security
-CVE-2022-41603
- RESERVED
-CVE-2022-41602
- RESERVED
-CVE-2022-41601
- RESERVED
-CVE-2022-41600
- RESERVED
+CVE-2022-41603 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+ TODO: check
+CVE-2022-41602 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+ TODO: check
+CVE-2022-41601 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+ TODO: check
+CVE-2022-41600 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+ TODO: check
CVE-2022-41599
RESERVED
-CVE-2022-41598
- RESERVED
-CVE-2022-41597
- RESERVED
+CVE-2022-41598 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+ TODO: check
+CVE-2022-41597 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+ TODO: check
CVE-2022-41596
RESERVED
-CVE-2022-41595
- RESERVED
-CVE-2022-41594
- RESERVED
-CVE-2022-41593
- RESERVED
-CVE-2022-41592
- RESERVED
+CVE-2022-41595 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+ TODO: check
+CVE-2022-41594 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+ TODO: check
+CVE-2022-41593 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+ TODO: check
+CVE-2022-41592 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
+ TODO: check
CVE-2022-41591
RESERVED
CVE-2022-41590
RESERVED
-CVE-2022-41589
- RESERVED
-CVE-2022-41588
- RESERVED
-CVE-2022-41587
- RESERVED
-CVE-2022-41586
- RESERVED
-CVE-2022-41585
- RESERVED
-CVE-2022-41584
- RESERVED
-CVE-2022-41583
- RESERVED
-CVE-2022-41582
- RESERVED
-CVE-2022-41581
- RESERVED
-CVE-2022-41580
- RESERVED
+CVE-2022-41589 (The DFX unwind stack module of the ArkCompiler has a vulnerability in ...)
+ TODO: check
+CVE-2022-41588 (The home screen module has a vulnerability in service logic processing ...)
+ TODO: check
+CVE-2022-41587 (Uncaptured exceptions in the home screen module. Successful exploitati ...)
+ TODO: check
+CVE-2022-41586 (The communication framework module has a vulnerability of not truncati ...)
+ TODO: check
+CVE-2022-41585 (The kernel module has an out-of-bounds read vulnerability.Successful e ...)
+ TODO: check
+CVE-2022-41584 (The kernel module has an out-of-bounds read vulnerability.Successful e ...)
+ TODO: check
+CVE-2022-41583 (The storage maintenance and debugging module has an array out-of-bound ...)
+ TODO: check
+CVE-2022-41582 (The security module has configuration defects.Successful exploitation ...)
+ TODO: check
+CVE-2022-41581 (The HW_KEYMASTER module has a vulnerability of not verifying the data ...)
+ TODO: check
+CVE-2022-41580 (The HW_KEYMASTER module has a vulnerability of not verifying the data ...)
+ TODO: check
CVE-2022-41579
RESERVED
-CVE-2022-41578
- RESERVED
-CVE-2022-41577
- RESERVED
-CVE-2022-41576
- RESERVED
+CVE-2022-41578 (The MPTCP module has an out-of-bounds write vulnerability.Successful e ...)
+ TODO: check
+CVE-2022-41577 (The kernel server has a vulnerability of not verifying the length of t ...)
+ TODO: check
+CVE-2022-41576 (The rphone module has a script that can be maliciously modified.Succes ...)
+ TODO: check
CVE-2022-41575
RESERVED
CVE-2022-41574 (An access-control vulnerability in Gradle Enterprise 2022.4 through 20 ...)
@@ -3156,10 +3240,10 @@ CVE-2022-27628
RESERVED
CVE-2022-26375
RESERVED
-CVE-2021-46840
- RESERVED
-CVE-2021-46839
- RESERVED
+CVE-2021-46840 (The HW_KEYMASTER module has an out-of-bounds access vulnerability in p ...)
+ TODO: check
+CVE-2021-46839 (The HW_KEYMASTER module has a vulnerability of missing bounds check on ...)
+ TODO: check
CVE-2020-36605
RESERVED
CVE-2022-41568
@@ -3478,8 +3562,8 @@ CVE-2022-41479
RESERVED
CVE-2022-41478
RESERVED
-CVE-2022-41477
- RESERVED
+CVE-2022-41477 (A security issue was discovered in WeBid <=1.2.2. A Server-Side Req ...)
+ TODO: check
CVE-2022-41476
RESERVED
CVE-2022-41475 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (C ...)
@@ -3948,20 +4032,20 @@ CVE-2022-41310
RESERVED
CVE-2022-41309
RESERVED
-CVE-2022-41308
- RESERVED
-CVE-2022-41307
- RESERVED
-CVE-2022-41306
- RESERVED
-CVE-2022-41305
- RESERVED
-CVE-2022-41304
- RESERVED
-CVE-2022-41303
- RESERVED
-CVE-2022-41302
- RESERVED
+CVE-2022-41308 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
+ TODO: check
+CVE-2022-41307 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
+ TODO: check
+CVE-2022-41306 (A maliciously crafted PCT file when consumed through DesignReview.exe ...)
+ TODO: check
+CVE-2022-41305 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
+ TODO: check
+CVE-2022-41304 (An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version ...)
+ TODO: check
+CVE-2022-41303 (A user may be tricked into opening a malicious FBX file which may expl ...)
+ TODO: check
+CVE-2022-41302 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. ...)
+ TODO: check
CVE-2022-41301 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
NOT-FOR-US: Autodesk
CVE-2022-41300
@@ -8520,8 +8604,8 @@ CVE-2022-39310
RESERVED
CVE-2022-39309
RESERVED
-CVE-2022-39308
- RESERVED
+CVE-2022-39308 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
+ TODO: check
CVE-2022-39307
RESERVED
CVE-2022-39306
@@ -9009,58 +9093,58 @@ CVE-2022-39130
RESERVED
CVE-2022-39129
RESERVED
-CVE-2022-39128
- RESERVED
-CVE-2022-39127
- RESERVED
-CVE-2022-39126
- RESERVED
-CVE-2022-39125
- RESERVED
-CVE-2022-39124
- RESERVED
-CVE-2022-39123
- RESERVED
-CVE-2022-39122
- RESERVED
-CVE-2022-39121
- RESERVED
-CVE-2022-39120
- RESERVED
+CVE-2022-39128 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-39127 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-39126 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-39125 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-39124 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-39123 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-39122 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-39121 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-39120 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ TODO: check
CVE-2022-39119 (In network service, there is a missing permission check. This could le ...)
NOT-FOR-US: Unisoc
CVE-2022-39118
RESERVED
-CVE-2022-39117
- RESERVED
+CVE-2022-39117 (In messaging service, there is a missing permission check. This could ...)
+ TODO: check
CVE-2022-39116
RESERVED
-CVE-2022-39115
- RESERVED
-CVE-2022-39114
- RESERVED
-CVE-2022-39113
- RESERVED
-CVE-2022-39112
- RESERVED
-CVE-2022-39111
- RESERVED
-CVE-2022-39110
- RESERVED
-CVE-2022-39109
- RESERVED
-CVE-2022-39108
- RESERVED
-CVE-2022-39107
- RESERVED
+CVE-2022-39115 (In Music service, there is a missing permission check. This could lead ...)
+ TODO: check
+CVE-2022-39114 (In Music service, there is a missing permission check. This could lead ...)
+ TODO: check
+CVE-2022-39113 (In Music service, there is a missing permission check. This could lead ...)
+ TODO: check
+CVE-2022-39112 (In Music service, there is a missing permission check. This could lead ...)
+ TODO: check
+CVE-2022-39111 (In Music service, there is a missing permission check. This could lead ...)
+ TODO: check
+CVE-2022-39110 (In Music service, there is a missing permission check. This could lead ...)
+ TODO: check
+CVE-2022-39109 (In Music service, there is a missing permission check. This could lead ...)
+ TODO: check
+CVE-2022-39108 (In Music service, there is a missing permission check. This could lead ...)
+ TODO: check
+CVE-2022-39107 (In Soundrecorder service, there is a missing permission check. This co ...)
+ TODO: check
CVE-2022-39106
RESERVED
-CVE-2022-39105
- RESERVED
+CVE-2022-39105 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ TODO: check
CVE-2022-39104
RESERVED
-CVE-2022-39103
- RESERVED
+CVE-2022-39103 (In Gallery service, there is a missing permission check. This could le ...)
+ TODO: check
CVE-2022-39102
RESERVED
CVE-2022-39101
@@ -9105,8 +9189,8 @@ CVE-2022-39082
RESERVED
CVE-2022-39081
RESERVED
-CVE-2022-39080
- RESERVED
+CVE-2022-39080 (In messaging service, there is a missing permission check. This could ...)
+ TODO: check
CVE-2022-3082
RESERVED
CVE-2022-3081
@@ -9185,10 +9269,10 @@ CVE-2022-39067
RESERVED
CVE-2022-39066
RESERVED
-CVE-2022-39065
- RESERVED
-CVE-2022-39064
- RESERVED
+CVE-2022-39065 (A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI ...)
+ TODO: check
+CVE-2022-39064 (An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame ma ...)
+ TODO: check
CVE-2022-39063 (When Open5GS UPF receives a PFCP Session Establishment Request, it sto ...)
NOT-FOR-US: Open5GS UPF
CVE-2022-39062
@@ -9420,8 +9504,8 @@ CVE-2022-39013 (Under certain conditions an authenticated attacker can get acces
NOT-FOR-US: SAP
CVE-2022-39012
RESERVED
-CVE-2022-39011
- RESERVED
+CVE-2022-39011 (The HISP module has a vulnerability of bypassing the check of the data ...)
+ TODO: check
CVE-2022-39010 (The HwChrService module has a vulnerability in permission control. Suc ...)
NOT-FOR-US: Huawei
CVE-2022-39009 (The WLAN module has a vulnerability in permission verification. Succes ...)
@@ -9446,8 +9530,8 @@ CVE-2022-39000 (The iAware module has a vulnerability in managing malicious apps
NOT-FOR-US: Huawei
CVE-2022-38999 (The AOD module has the improper update of reference count vulnerabilit ...)
NOT-FOR-US: Huawei
-CVE-2022-38998
- RESERVED
+CVE-2022-38998 (The HISP module has a vulnerability of not verifying the data transfer ...)
+ TODO: check
CVE-2022-38997 (The secure OS module has configuration defects. Successful exploitatio ...)
NOT-FOR-US: Huawei
CVE-2022-38996 (The secure OS module has configuration defects. Successful exploitatio ...)
@@ -9470,26 +9554,26 @@ CVE-2022-38988 (The secure OS module has configuration defects. Successful explo
NOT-FOR-US: Huawei
CVE-2022-38987 (The secure OS module has configuration defects. Successful exploitatio ...)
NOT-FOR-US: Huawei
-CVE-2022-38986
- RESERVED
-CVE-2022-38985
- RESERVED
-CVE-2022-38984
- RESERVED
-CVE-2022-38983
- RESERVED
-CVE-2022-38982
- RESERVED
-CVE-2022-38981
- RESERVED
-CVE-2022-38980
- RESERVED
+CVE-2022-38986 (The HIPP module has a vulnerability of bypassing the check of the data ...)
+ TODO: check
+CVE-2022-38985 (The facial recognition module has a vulnerability in input validation. ...)
+ TODO: check
+CVE-2022-38984 (The HIPP module has a vulnerability of not verifying the data transfer ...)
+ TODO: check
+CVE-2022-38983 (The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Succ ...)
+ TODO: check
+CVE-2022-38982 (The fingerprint module has service logic errors.Successful exploitatio ...)
+ TODO: check
+CVE-2022-38981 (The HwAirlink module has an out-of-bounds read vulnerability.Successfu ...)
+ TODO: check
+CVE-2022-38980 (The HwAirlink module has a heap overflow vulnerability in processing d ...)
+ TODO: check
CVE-2022-38979 (The secure OS module has configuration defects. Successful exploitatio ...)
NOT-FOR-US: Huawei
CVE-2022-38978 (The secure OS module has configuration defects. Successful exploitatio ...)
NOT-FOR-US: Huawei
-CVE-2022-38977
- RESERVED
+CVE-2022-38977 (The HwAirlink module has a heap overflow vulnerability.Successful expl ...)
+ TODO: check
CVE-2022-38970 (ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access C ...)
NOT-FOR-US: ieGeek IG20 hipcam RealServer
CVE-2022-38969
@@ -10200,10 +10284,10 @@ CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content Securit
NOT-FOR-US: SnapCenter (NetAPP)
CVE-2022-38731
RESERVED
-CVE-2022-2985
- RESERVED
-CVE-2022-2984
- RESERVED
+CVE-2022-2985 (In music service, there is a missing permission check. This could lead ...)
+ TODO: check
+CVE-2022-2984 (In jpg driver, there is a possible out of bounds write due to a missin ...)
+ TODO: check
CVE-2022-2983
RESERVED
CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0260. ...)
@@ -10322,8 +10406,8 @@ CVE-2022-2964 (A flaw was found in the Linux kernel’s driver for the ASIX
[bullseye] - linux 5.10.103-1
[buster] - linux 4.19.232-1
NOTE: https://git.kernel.org/linus/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581 (5.17-rc4)
-CVE-2022-2963
- RESERVED
+CVE-2022-2963 (A vulnerability found in jasper. This security vulnerability happens b ...)
+ TODO: check
CVE-2022-2962 (A DMA reentrancy issue was found in the Tulip device emulation in QEMU ...)
- qemu 1:7.1+dfsg-2 (bug #1018055)
[bullseye] - qemu <no-dsa> (Minor issue)
@@ -10354,10 +10438,10 @@ CVE-2022-2954
RESERVED
CVE-2022-38699 (Armoury Crate Service’s logging function has insufficient valida ...)
NOT-FOR-US: Armoury Crate Service
-CVE-2022-38698
- RESERVED
-CVE-2022-38697
- RESERVED
+CVE-2022-38698 (In messaging service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2022-38697 (In messaging service, there is a missing permission check. This could ...)
+ TODO: check
CVE-2022-38696
RESERVED
CVE-2022-38695
@@ -10370,14 +10454,14 @@ CVE-2022-38692
RESERVED
CVE-2022-38691
RESERVED
-CVE-2022-38690
- RESERVED
-CVE-2022-38689
- RESERVED
-CVE-2022-38688
- RESERVED
-CVE-2022-38687
- RESERVED
+CVE-2022-38690 (In camera driver, there is a possible memory corruption due to imprope ...)
+ TODO: check
+CVE-2022-38689 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2022-38688 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2022-38687 (In messaging service, there is a missing permission check. This could ...)
+ TODO: check
CVE-2022-38686
RESERVED
CVE-2022-38685
@@ -10392,28 +10476,28 @@ CVE-2022-38681
RESERVED
CVE-2022-38680
RESERVED
-CVE-2022-38679
- RESERVED
+CVE-2022-38679 (In music service, there is a missing permission check. This could lead ...)
+ TODO: check
CVE-2022-38678
RESERVED
-CVE-2022-38677
- RESERVED
-CVE-2022-38676
- RESERVED
+CVE-2022-38677 (In cell service, there is a missing permission check. This could lead ...)
+ TODO: check
+CVE-2022-38676 (In gpu driver, there is a possible out of bounds write due to a missin ...)
+ TODO: check
CVE-2022-38675
RESERVED
CVE-2022-38674
RESERVED
-CVE-2022-38673
- RESERVED
-CVE-2022-38672
- RESERVED
-CVE-2022-38671
- RESERVED
-CVE-2022-38670
- RESERVED
-CVE-2022-38669
- RESERVED
+CVE-2022-38673 (In face detect driver, there is a possible out of bounds write due to ...)
+ TODO: check
+CVE-2022-38672 (In face detect driver, there is a possible out of bounds write due to ...)
+ TODO: check
+CVE-2022-38671 (In camera driver, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-38670 (In soundrecorder service, there is a missing permission check. This co ...)
+ TODO: check
+CVE-2022-38669 (In soundrecorder service, there is a missing permission check. This co ...)
+ TODO: check
CVE-2022-38668 (HTTP applications (servers) based on Crow through 1.0+4 may reveal pot ...)
NOT-FOR-US: CrowCpp
CVE-2022-38667 (HTTP applications (servers) based on Crow through 1.0+4 may allow a Us ...)
@@ -11260,8 +11344,7 @@ CVE-2022-2881 (The underlying bug might cause read past end of the buffer and ei
NOTE: https://kb.isc.org/docs/cve-2022-2881
NOTE: Exposed after (but not only requirement): https://gitlab.isc.org/isc-projects/bind9/-/commit/69c1ee1ce9f801aaa082bb3abf5969b46699f70a (v9_17_4)
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/13333db69f9b9710a98c86f44276e01e95420fa0 (v9_18_7)
-CVE-2022-2880
- RESERVED
+CVE-2022-2880 (Requests forwarded by ReverseProxy include the raw query parameters fr ...)
- golang-1.19 1.19.2-1
- golang-1.18 1.18.7-1
- golang-1.17 <unfixed>
@@ -11270,8 +11353,7 @@ CVE-2022-2880
NOTE: https://go.dev/issue/54663
NOTE: https://github.com/golang/go/commit/f6d844510d5f1e3b3098eba255d9b633d45eac3b (go1.19.2)
NOTE: https://github.com/golang/go/commit/9d2c73a9fd69e45876509bb3bdb2af99bf77da1e (go1.18.7)
-CVE-2022-2879
- RESERVED
+CVE-2022-2879 (Reader.Read does not set a limit on the maximum size of file headers. ...)
- golang-1.19 1.19.2-1
- golang-1.18 1.18.7-1
- golang-1.17 <unfixed>
@@ -11436,8 +11518,7 @@ CVE-2022-38369 (Apache IoTDB version 0.13.0 is vulnerable by session id attack.
NOT-FOR-US: Apache IoTDB
CVE-2022-2851
RESERVED
-CVE-2022-2850 [SIGSEGV in sync_repl]
- RESERVED
+CVE-2022-2850 (A flaw was found In 389-ds-base. When the Content Synchronization plug ...)
- 389-ds-base <unfixed> (bug #1018054)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2118691
NOTE: https://github.com/389ds/389-ds-base/issues/4711#issuecomment-1205100979
@@ -13374,10 +13455,10 @@ CVE-2022-37605
RESERVED
CVE-2022-37604
RESERVED
-CVE-2022-37603
- RESERVED
-CVE-2022-37602
- RESERVED
+CVE-2022-37603 (A Regular expression denial of service (ReDoS) flaw was found in Funct ...)
+ TODO: check
+CVE-2022-37602 (Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 vi ...)
+ TODO: check
CVE-2022-37601 (Prototype pollution vulnerability in function parseQuery in parseQuery ...)
TODO: check
CVE-2022-37600
@@ -20066,46 +20147,46 @@ CVE-2022-35060 (OTFCC commit 617837b was discovered to contain a heap buffer ove
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
[buster] - texlive-bin <not-affected> (Vulnerable code not present)
NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
-CVE-2022-35059
- RESERVED
-CVE-2022-35058
- RESERVED
+CVE-2022-35059 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35058 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
CVE-2022-35057
RESERVED
-CVE-2022-35056
- RESERVED
-CVE-2022-35055
- RESERVED
-CVE-2022-35054
- RESERVED
-CVE-2022-35053
- RESERVED
-CVE-2022-35052
- RESERVED
-CVE-2022-35051
- RESERVED
-CVE-2022-35050
- RESERVED
-CVE-2022-35049
- RESERVED
-CVE-2022-35048
- RESERVED
-CVE-2022-35047
- RESERVED
-CVE-2022-35046
- RESERVED
-CVE-2022-35045
- RESERVED
-CVE-2022-35044
- RESERVED
-CVE-2022-35043
- RESERVED
-CVE-2022-35042
- RESERVED
-CVE-2022-35041
- RESERVED
-CVE-2022-35040
- RESERVED
+CVE-2022-35056 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35055 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35054 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35053 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35052 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35051 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35050 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35049 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35048 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35047 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35046 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35045 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35044 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35043 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35042 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35041 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35040 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
CVE-2022-35039 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
- texlive-bin <unfixed> (unimportant)
[bullseye] - texlive-bin <not-affected> (Vulnerable code not present)
@@ -27858,8 +27939,7 @@ CVE-2022-32151 (The httplib and urllib Python libraries that Splunk shipped with
NOT-FOR-US: Splunk
CVE-2022-32150
RESERVED
-CVE-2022-32149
- RESERVED
+CVE-2022-32149 (An attacker may cause a denial of service by crafting an Accept-Langua ...)
- golang-golang-x-text <unfixed> (bug #1021785)
NOTE: https://groups.google.com/g/golang-dev/c/qfPIly0X7aU.
NOTE: https://go.dev/issue/56152.
@@ -37873,14 +37953,14 @@ CVE-2022-28764
RESERVED
CVE-2022-28763
RESERVED
-CVE-2022-28762
- RESERVED
-CVE-2022-28761
- RESERVED
-CVE-2022-28760
- RESERVED
-CVE-2022-28759
- RESERVED
+CVE-2022-28762 (Zoom Client for Meetings for macOS (Standard and for IT Admin) startin ...)
+ TODO: check
+CVE-2022-28761 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 ...)
+ TODO: check
+CVE-2022-28760 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 ...)
+ TODO: check
+CVE-2022-28759 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 ...)
+ TODO: check
CVE-2022-28758 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 ...)
NOT-FOR-US: Zoom
CVE-2022-28757 (The Zoom Client for Meetings for macOS (Standard and for IT Admin) sta ...)
@@ -72661,8 +72741,8 @@ CVE-2022-20466
RESERVED
CVE-2022-20465
RESERVED
-CVE-2022-20464
- RESERVED
+CVE-2022-20464 (In various functions of ap_input_processor.c, there is a possible way ...)
+ TODO: check
CVE-2022-20463
RESERVED
CVE-2022-20462
@@ -72815,8 +72895,8 @@ CVE-2022-20399 (In the SEPolicy configuration of system apps, there is a possibl
NOT-FOR-US: Android
CVE-2022-20398 (In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way ...)
NOT-FOR-US: Android
-CVE-2022-20397
- RESERVED
+CVE-2022-20397 (In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of ...)
+ TODO: check
CVE-2022-20396 (In SettingsActivity.java, there is a possible way to make a device dis ...)
NOT-FOR-US: Android
CVE-2022-20395 (In checkAccess of MediaProvider.java, there is a possible file deletio ...)
@@ -89598,7 +89678,7 @@ CVE-2021-36203 (The affected product may allow an attacker to identify and forge
NOT-FOR-US: Johnson Controls
CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls M ...)
NOT-FOR-US: Johnson Controls Metasys
-CVE-2021-36201 (Under certain circumstances a C•CURE Portal user could enumerate ...)
+CVE-2021-36201 (Under certain circumstances a CCURE Portal user could enumerate user a ...)
TODO: check
CVE-2021-36200 (Under certain circumstances an unauthenticated user could access the t ...)
NOT-FOR-US: Johnson Controls
@@ -104321,7 +104401,7 @@ CVE-2021-30498 (A flaw was found in libcaca. A heap buffer overflow in export.c
NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/ab04483ee1a846d6b74b2e6248e980152baec3f6 (v0.99.beta20)
CVE-2021-30497 (Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users t ...)
NOT-FOR-US: Ivanti
-CVE-2021-30496 (The Telegram app 7.6.2 for iOS allows remote authenticated users to ca ...)
+CVE-2021-30496 (** DISPUTED ** The Telegram app 7.6.2 for iOS allows remote authentica ...)
NOT-FOR-US: Telegram for iOS
CVE-2021-30495
RESERVED
@@ -112111,8 +112191,8 @@ CVE-2021-27408 (The affected product is vulnerable to an out-of-bounds read, whi
NOT-FOR-US: Welch Allyn
CVE-2021-27407
RESERVED
-CVE-2021-27406
- RESERVED
+CVE-2021-27406 (An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1 ...)
+ TODO: check
CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found in the @ ...)
NOT-FOR-US: Node scrapbox-parser
CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injec ...)
@@ -123692,8 +123772,8 @@ CVE-2021-3021 (ISPConfig before 3.2.2 allows SQL injection. ...)
CVE-2021-3020 (An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) throu ...)
- hawk <itp> (bug #634344)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1180571 (private)
-CVE-2021-22685
- RESERVED
+CVE-2021-22685 (An attacker may be able to use minify route with a relative path to vi ...)
+ TODO: check
CVE-2021-22684 (Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in ...)
NOT-FOR-US: Tizen RT RTOS
CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
@@ -130248,7 +130328,7 @@ CVE-2021-20601 (Improper input validation vulnerability in GOT2000 series GT27 m
NOT-FOR-US: Mitsubishi
CVE-2021-20600 (Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R s ...)
NOT-FOR-US: Mitsubishi
-CVE-2021-20599 (Authorization bypass through user-controlled key vulnerability in MELS ...)
+CVE-2021-20599 (Cleartext transmission of sensitive information vulnerability in MELSE ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...)
NOT-FOR-US: Mitsubishi
@@ -140142,8 +140222,8 @@ CVE-2021-0701
RESERVED
CVE-2021-0700
RESERVED
-CVE-2021-0699
- RESERVED
+CVE-2021-0699 (In HTBLogKM of TBD, there is a possible out of bounds write due to a m ...)
+ TODO: check
CVE-2021-0698 (In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel ...)
NOT-FOR-US: Android
CVE-2021-0697 (In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible use ...)
@@ -192834,7 +192914,7 @@ CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The
NOT-FOR-US: phpoffice/phpspreadsheet
CVE-2020-7775 (This affects all versions of package freediskspace. The vulnerability ...)
NOT-FOR-US: Node freediskspace
-CVE-2020-7774 (This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po ...)
+CVE-2020-7774 (The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Proto ...)
- node-y18n 4.0.0-3 (bug #976390)
[buster] - node-y18n 3.2.1-2+deb10u1
[stretch] - node-y18n <end-of-life> (Nodejs in stretch not covered by security support)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99dfb1f58a33581ea36bdb3dacab0c29c68f6c72
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99dfb1f58a33581ea36bdb3dacab0c29c68f6c72
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221014/2d67df42/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list