[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 17 21:10:31 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0327667c by security tracker role at 2022-10-17T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,851 @@
+CVE-2022-43378
+ RESERVED
+CVE-2022-43377
+ RESERVED
+CVE-2022-43376
+ RESERVED
+CVE-2022-43375
+ RESERVED
+CVE-2022-43374
+ RESERVED
+CVE-2022-43373
+ RESERVED
+CVE-2022-43372
+ RESERVED
+CVE-2022-43371
+ RESERVED
+CVE-2022-43370
+ RESERVED
+CVE-2022-43369
+ RESERVED
+CVE-2022-43368
+ RESERVED
+CVE-2022-43367
+ RESERVED
+CVE-2022-43366
+ RESERVED
+CVE-2022-43365
+ RESERVED
+CVE-2022-43364
+ RESERVED
+CVE-2022-43363
+ RESERVED
+CVE-2022-43362
+ RESERVED
+CVE-2022-43361
+ RESERVED
+CVE-2022-43360
+ RESERVED
+CVE-2022-43359
+ RESERVED
+CVE-2022-43358
+ RESERVED
+CVE-2022-43357
+ RESERVED
+CVE-2022-43356
+ RESERVED
+CVE-2022-43355
+ RESERVED
+CVE-2022-43354
+ RESERVED
+CVE-2022-43353
+ RESERVED
+CVE-2022-43352
+ RESERVED
+CVE-2022-43351
+ RESERVED
+CVE-2022-43350
+ RESERVED
+CVE-2022-43349
+ RESERVED
+CVE-2022-43348
+ RESERVED
+CVE-2022-43347
+ RESERVED
+CVE-2022-43346
+ RESERVED
+CVE-2022-43345
+ RESERVED
+CVE-2022-43344
+ RESERVED
+CVE-2022-43343
+ RESERVED
+CVE-2022-43342
+ RESERVED
+CVE-2022-43341
+ RESERVED
+CVE-2022-43340
+ RESERVED
+CVE-2022-43339
+ RESERVED
+CVE-2022-43338
+ RESERVED
+CVE-2022-43337
+ RESERVED
+CVE-2022-43336
+ RESERVED
+CVE-2022-43335
+ RESERVED
+CVE-2022-43334
+ RESERVED
+CVE-2022-43333
+ RESERVED
+CVE-2022-43332
+ RESERVED
+CVE-2022-43331
+ RESERVED
+CVE-2022-43330
+ RESERVED
+CVE-2022-43329
+ RESERVED
+CVE-2022-43328
+ RESERVED
+CVE-2022-43327
+ RESERVED
+CVE-2022-43326
+ RESERVED
+CVE-2022-43325
+ RESERVED
+CVE-2022-43324
+ RESERVED
+CVE-2022-43323
+ RESERVED
+CVE-2022-43322
+ RESERVED
+CVE-2022-43321
+ RESERVED
+CVE-2022-43320
+ RESERVED
+CVE-2022-43319
+ RESERVED
+CVE-2022-43318
+ RESERVED
+CVE-2022-43317
+ RESERVED
+CVE-2022-43316
+ RESERVED
+CVE-2022-43315
+ RESERVED
+CVE-2022-43314
+ RESERVED
+CVE-2022-43313
+ RESERVED
+CVE-2022-43312
+ RESERVED
+CVE-2022-43311
+ RESERVED
+CVE-2022-43310
+ RESERVED
+CVE-2022-43309
+ RESERVED
+CVE-2022-43308
+ RESERVED
+CVE-2022-43307
+ RESERVED
+CVE-2022-43306
+ RESERVED
+CVE-2022-43305
+ RESERVED
+CVE-2022-43304
+ RESERVED
+CVE-2022-43303
+ RESERVED
+CVE-2022-43302
+ RESERVED
+CVE-2022-43301
+ RESERVED
+CVE-2022-43300
+ RESERVED
+CVE-2022-43299
+ RESERVED
+CVE-2022-43298
+ RESERVED
+CVE-2022-43297
+ RESERVED
+CVE-2022-43296
+ RESERVED
+CVE-2022-43295
+ RESERVED
+CVE-2022-43294
+ RESERVED
+CVE-2022-43293
+ RESERVED
+CVE-2022-43292
+ RESERVED
+CVE-2022-43291
+ RESERVED
+CVE-2022-43290
+ RESERVED
+CVE-2022-43289
+ RESERVED
+CVE-2022-43288
+ RESERVED
+CVE-2022-43287
+ RESERVED
+CVE-2022-43286
+ RESERVED
+CVE-2022-43285
+ RESERVED
+CVE-2022-43284
+ RESERVED
+CVE-2022-43283
+ RESERVED
+CVE-2022-43282
+ RESERVED
+CVE-2022-43281
+ RESERVED
+CVE-2022-43280
+ RESERVED
+CVE-2022-43279
+ RESERVED
+CVE-2022-43278
+ RESERVED
+CVE-2022-43277
+ RESERVED
+CVE-2022-43276
+ RESERVED
+CVE-2022-43275
+ RESERVED
+CVE-2022-43274
+ RESERVED
+CVE-2022-43273
+ RESERVED
+CVE-2022-43272
+ RESERVED
+CVE-2022-43271
+ RESERVED
+CVE-2022-43270
+ RESERVED
+CVE-2022-43269
+ RESERVED
+CVE-2022-43268
+ RESERVED
+CVE-2022-43267
+ RESERVED
+CVE-2022-43266
+ RESERVED
+CVE-2022-43265
+ RESERVED
+CVE-2022-43264
+ RESERVED
+CVE-2022-43263
+ RESERVED
+CVE-2022-43262
+ RESERVED
+CVE-2022-43261
+ RESERVED
+CVE-2022-43260
+ RESERVED
+CVE-2022-43259
+ RESERVED
+CVE-2022-43258
+ RESERVED
+CVE-2022-43257
+ RESERVED
+CVE-2022-43256
+ RESERVED
+CVE-2022-43255
+ RESERVED
+CVE-2022-43254
+ RESERVED
+CVE-2022-43253
+ RESERVED
+CVE-2022-43252
+ RESERVED
+CVE-2022-43251
+ RESERVED
+CVE-2022-43250
+ RESERVED
+CVE-2022-43249
+ RESERVED
+CVE-2022-43248
+ RESERVED
+CVE-2022-43247
+ RESERVED
+CVE-2022-43246
+ RESERVED
+CVE-2022-43245
+ RESERVED
+CVE-2022-43244
+ RESERVED
+CVE-2022-43243
+ RESERVED
+CVE-2022-43242
+ RESERVED
+CVE-2022-43241
+ RESERVED
+CVE-2022-43240
+ RESERVED
+CVE-2022-43239
+ RESERVED
+CVE-2022-43238
+ RESERVED
+CVE-2022-43237
+ RESERVED
+CVE-2022-43236
+ RESERVED
+CVE-2022-43235
+ RESERVED
+CVE-2022-43234
+ RESERVED
+CVE-2022-43233
+ RESERVED
+CVE-2022-43232
+ RESERVED
+CVE-2022-43231
+ RESERVED
+CVE-2022-43230
+ RESERVED
+CVE-2022-43229
+ RESERVED
+CVE-2022-43228
+ RESERVED
+CVE-2022-43227
+ RESERVED
+CVE-2022-43226
+ RESERVED
+CVE-2022-43225
+ RESERVED
+CVE-2022-43224
+ RESERVED
+CVE-2022-43223
+ RESERVED
+CVE-2022-43222
+ RESERVED
+CVE-2022-43221
+ RESERVED
+CVE-2022-43220
+ RESERVED
+CVE-2022-43219
+ RESERVED
+CVE-2022-43218
+ RESERVED
+CVE-2022-43217
+ RESERVED
+CVE-2022-43216
+ RESERVED
+CVE-2022-43215
+ RESERVED
+CVE-2022-43214
+ RESERVED
+CVE-2022-43213
+ RESERVED
+CVE-2022-43212
+ RESERVED
+CVE-2022-43211
+ RESERVED
+CVE-2022-43210
+ RESERVED
+CVE-2022-43209
+ RESERVED
+CVE-2022-43208
+ RESERVED
+CVE-2022-43207
+ RESERVED
+CVE-2022-43206
+ RESERVED
+CVE-2022-43205
+ RESERVED
+CVE-2022-43204
+ RESERVED
+CVE-2022-43203
+ RESERVED
+CVE-2022-43202
+ RESERVED
+CVE-2022-43201
+ RESERVED
+CVE-2022-43200
+ RESERVED
+CVE-2022-43199
+ RESERVED
+CVE-2022-43198
+ RESERVED
+CVE-2022-43197
+ RESERVED
+CVE-2022-43196
+ RESERVED
+CVE-2022-43195
+ RESERVED
+CVE-2022-43194
+ RESERVED
+CVE-2022-43193
+ RESERVED
+CVE-2022-43192
+ RESERVED
+CVE-2022-43191
+ RESERVED
+CVE-2022-43190
+ RESERVED
+CVE-2022-43189
+ RESERVED
+CVE-2022-43188
+ RESERVED
+CVE-2022-43187
+ RESERVED
+CVE-2022-43186
+ RESERVED
+CVE-2022-43185
+ RESERVED
+CVE-2022-43184
+ RESERVED
+CVE-2022-43183
+ RESERVED
+CVE-2022-43182
+ RESERVED
+CVE-2022-43181
+ RESERVED
+CVE-2022-43180
+ RESERVED
+CVE-2022-43179
+ RESERVED
+CVE-2022-43178
+ RESERVED
+CVE-2022-43177
+ RESERVED
+CVE-2022-43176
+ RESERVED
+CVE-2022-43175
+ RESERVED
+CVE-2022-43174
+ RESERVED
+CVE-2022-43173
+ RESERVED
+CVE-2022-43172
+ RESERVED
+CVE-2022-43171
+ RESERVED
+CVE-2022-43170
+ RESERVED
+CVE-2022-43169
+ RESERVED
+CVE-2022-43168
+ RESERVED
+CVE-2022-43167
+ RESERVED
+CVE-2022-43166
+ RESERVED
+CVE-2022-43165
+ RESERVED
+CVE-2022-43164
+ RESERVED
+CVE-2022-43163
+ RESERVED
+CVE-2022-43162
+ RESERVED
+CVE-2022-43161
+ RESERVED
+CVE-2022-43160
+ RESERVED
+CVE-2022-43159
+ RESERVED
+CVE-2022-43158
+ RESERVED
+CVE-2022-43157
+ RESERVED
+CVE-2022-43156
+ RESERVED
+CVE-2022-43155
+ RESERVED
+CVE-2022-43154
+ RESERVED
+CVE-2022-43153
+ RESERVED
+CVE-2022-43152
+ RESERVED
+CVE-2022-43151
+ RESERVED
+CVE-2022-43150
+ RESERVED
+CVE-2022-43149
+ RESERVED
+CVE-2022-43148
+ RESERVED
+CVE-2022-43147
+ RESERVED
+CVE-2022-43146
+ RESERVED
+CVE-2022-43145
+ RESERVED
+CVE-2022-43144
+ RESERVED
+CVE-2022-43143
+ RESERVED
+CVE-2022-43142
+ RESERVED
+CVE-2022-43141
+ RESERVED
+CVE-2022-43140
+ RESERVED
+CVE-2022-43139
+ RESERVED
+CVE-2022-43138
+ RESERVED
+CVE-2022-43137
+ RESERVED
+CVE-2022-43136
+ RESERVED
+CVE-2022-43135
+ RESERVED
+CVE-2022-43134
+ RESERVED
+CVE-2022-43133
+ RESERVED
+CVE-2022-43132
+ RESERVED
+CVE-2022-43131
+ RESERVED
+CVE-2022-43130
+ RESERVED
+CVE-2022-43129
+ RESERVED
+CVE-2022-43128
+ RESERVED
+CVE-2022-43127
+ RESERVED
+CVE-2022-43126
+ RESERVED
+CVE-2022-43125
+ RESERVED
+CVE-2022-43124
+ RESERVED
+CVE-2022-43123
+ RESERVED
+CVE-2022-43122
+ RESERVED
+CVE-2022-43121
+ RESERVED
+CVE-2022-43120
+ RESERVED
+CVE-2022-43119
+ RESERVED
+CVE-2022-43118
+ RESERVED
+CVE-2022-43117
+ RESERVED
+CVE-2022-43116
+ RESERVED
+CVE-2022-43115
+ RESERVED
+CVE-2022-43114
+ RESERVED
+CVE-2022-43113
+ RESERVED
+CVE-2022-43112
+ RESERVED
+CVE-2022-43111
+ RESERVED
+CVE-2022-43110
+ RESERVED
+CVE-2022-43109
+ RESERVED
+CVE-2022-43108
+ RESERVED
+CVE-2022-43107
+ RESERVED
+CVE-2022-43106
+ RESERVED
+CVE-2022-43105
+ RESERVED
+CVE-2022-43104
+ RESERVED
+CVE-2022-43103
+ RESERVED
+CVE-2022-43102
+ RESERVED
+CVE-2022-43101
+ RESERVED
+CVE-2022-43100
+ RESERVED
+CVE-2022-43099
+ RESERVED
+CVE-2022-43098
+ RESERVED
+CVE-2022-43097
+ RESERVED
+CVE-2022-43096
+ RESERVED
+CVE-2022-43095
+ RESERVED
+CVE-2022-43094
+ RESERVED
+CVE-2022-43093
+ RESERVED
+CVE-2022-43092
+ RESERVED
+CVE-2022-43091
+ RESERVED
+CVE-2022-43090
+ RESERVED
+CVE-2022-43089
+ RESERVED
+CVE-2022-43088
+ RESERVED
+CVE-2022-43087
+ RESERVED
+CVE-2022-43086
+ RESERVED
+CVE-2022-43085
+ RESERVED
+CVE-2022-43084
+ RESERVED
+CVE-2022-43083
+ RESERVED
+CVE-2022-43082
+ RESERVED
+CVE-2022-43081
+ RESERVED
+CVE-2022-43080
+ RESERVED
+CVE-2022-43079
+ RESERVED
+CVE-2022-43078
+ RESERVED
+CVE-2022-43077
+ RESERVED
+CVE-2022-43076
+ RESERVED
+CVE-2022-43075
+ RESERVED
+CVE-2022-43074
+ RESERVED
+CVE-2022-43073
+ RESERVED
+CVE-2022-43072
+ RESERVED
+CVE-2022-43071
+ RESERVED
+CVE-2022-43070
+ RESERVED
+CVE-2022-43069
+ RESERVED
+CVE-2022-43068
+ RESERVED
+CVE-2022-43067
+ RESERVED
+CVE-2022-43066
+ RESERVED
+CVE-2022-43065
+ RESERVED
+CVE-2022-43064
+ RESERVED
+CVE-2022-43063
+ RESERVED
+CVE-2022-43062
+ RESERVED
+CVE-2022-43061
+ RESERVED
+CVE-2022-43060
+ RESERVED
+CVE-2022-43059
+ RESERVED
+CVE-2022-43058
+ RESERVED
+CVE-2022-43057
+ RESERVED
+CVE-2022-43056
+ RESERVED
+CVE-2022-43055
+ RESERVED
+CVE-2022-43054
+ RESERVED
+CVE-2022-43053
+ RESERVED
+CVE-2022-43052
+ RESERVED
+CVE-2022-43051
+ RESERVED
+CVE-2022-43050
+ RESERVED
+CVE-2022-43049
+ RESERVED
+CVE-2022-43048
+ RESERVED
+CVE-2022-43047
+ RESERVED
+CVE-2022-43046
+ RESERVED
+CVE-2022-43045
+ RESERVED
+CVE-2022-43044
+ RESERVED
+CVE-2022-43043
+ RESERVED
+CVE-2022-43042
+ RESERVED
+CVE-2022-43041
+ RESERVED
+CVE-2022-43040
+ RESERVED
+CVE-2022-43039
+ RESERVED
+CVE-2022-43038
+ RESERVED
+CVE-2022-43037
+ RESERVED
+CVE-2022-43036
+ RESERVED
+CVE-2022-43035
+ RESERVED
+CVE-2022-43034
+ RESERVED
+CVE-2022-43033
+ RESERVED
+CVE-2022-43032
+ RESERVED
+CVE-2022-43031
+ RESERVED
+CVE-2022-43030
+ RESERVED
+CVE-2022-43029
+ RESERVED
+CVE-2022-43028
+ RESERVED
+CVE-2022-43027
+ RESERVED
+CVE-2022-43026
+ RESERVED
+CVE-2022-43025
+ RESERVED
+CVE-2022-43024
+ RESERVED
+CVE-2022-43023
+ RESERVED
+CVE-2022-43022
+ RESERVED
+CVE-2022-43021
+ RESERVED
+CVE-2022-43020
+ RESERVED
+CVE-2022-43019
+ RESERVED
+CVE-2022-43018
+ RESERVED
+CVE-2022-43017
+ RESERVED
+CVE-2022-43016
+ RESERVED
+CVE-2022-43015
+ RESERVED
+CVE-2022-43014
+ RESERVED
+CVE-2022-43013
+ RESERVED
+CVE-2022-43012
+ RESERVED
+CVE-2022-43011
+ RESERVED
+CVE-2022-43010
+ RESERVED
+CVE-2022-43009
+ RESERVED
+CVE-2022-43008
+ RESERVED
+CVE-2022-43007
+ RESERVED
+CVE-2022-43006
+ RESERVED
+CVE-2022-43005
+ RESERVED
+CVE-2022-43004
+ RESERVED
+CVE-2022-43003
+ RESERVED
+CVE-2022-43002
+ RESERVED
+CVE-2022-43001
+ RESERVED
+CVE-2022-43000
+ RESERVED
+CVE-2022-42999
+ RESERVED
+CVE-2022-42998
+ RESERVED
+CVE-2022-42997
+ RESERVED
+CVE-2022-42996
+ RESERVED
+CVE-2022-42995
+ RESERVED
+CVE-2022-42994
+ RESERVED
+CVE-2022-42993
+ RESERVED
+CVE-2022-42992
+ RESERVED
+CVE-2022-42991
+ RESERVED
+CVE-2022-42990
+ RESERVED
+CVE-2022-42989
+ RESERVED
+CVE-2022-42988
+ RESERVED
+CVE-2022-42987
+ RESERVED
+CVE-2022-3567 (A vulnerability has been found in Linux Kernel and classified as probl ...)
+ TODO: check
+CVE-2022-3566 (A vulnerability, which was classified as problematic, was found in Lin ...)
+ TODO: check
+CVE-2022-3565 (A vulnerability, which was classified as critical, has been found in L ...)
+ TODO: check
+CVE-2022-3564 (A vulnerability classified as critical was found in Linux Kernel. Affe ...)
+ TODO: check
+CVE-2022-3563 (A vulnerability classified as problematic has been found in Linux Kern ...)
+ TODO: check
+CVE-2022-3562
+ RESERVED
+CVE-2022-3561
+ RESERVED
+CVE-2022-3560
+ RESERVED
+CVE-2022-3559 (A vulnerability was found in Exim and classified as critical. This iss ...)
+ TODO: check
+CVE-2022-3558
+ RESERVED
+CVE-2022-3557
+ RESERVED
+CVE-2022-3556
+ RESERVED
+CVE-2022-3555 (A vulnerability was found in X.org libX11 and classified as problemati ...)
+ TODO: check
+CVE-2022-3554 (A vulnerability has been found in X.org libX11 and classified as probl ...)
+ TODO: check
+CVE-2022-3553 (A vulnerability, which was classified as problematic, was found in X.o ...)
+ TODO: check
+CVE-2022-3552 (Unrestricted Upload of File with Dangerous Type in GitHub repository b ...)
+ TODO: check
+CVE-2022-3551 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2022-3550 (A vulnerability classified as critical was found in X.org Server. Affe ...)
+ TODO: check
+CVE-2022-3549 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
+ TODO: check
+CVE-2022-3548 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
+ TODO: check
+CVE-2022-3547 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
+ TODO: check
+CVE-2022-3546 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
+ TODO: check
+CVE-2022-3545 (A vulnerability has been found in Linux Kernel and classified as criti ...)
+ TODO: check
+CVE-2022-3544 (A vulnerability, which was classified as problematic, was found in Lin ...)
+ TODO: check
+CVE-2022-3543 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2022-3542 (A vulnerability classified as problematic was found in Linux Kernel. T ...)
+ TODO: check
+CVE-2022-3541 (A vulnerability classified as critical has been found in Linux Kernel. ...)
+ TODO: check
+CVE-2022-3540 (An issue has been discovered in hunter2 affecting all versions before ...)
+ TODO: check
+CVE-2022-3539
+ RESERVED
+CVE-2022-3538
+ RESERVED
+CVE-2022-3537
+ RESERVED
+CVE-2022-3536
+ RESERVED
CVE-2022-42986
RESERVED
CVE-2022-42985
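Review bot: The new CVE-2022-3546 through CVE-2022-3549 entries are left at TODO: check although their descriptions name SourceCodester, which this file already closes as NOT-FOR-US: SourceCodester (see the CVE-2022-3503 context in a later hunk), so those four can be resolved directly. The Linux Kernel, Exim, X.org libX11 and X.org Server entries in the same block, including CVE-2022-3559 and CVE-2022-3550 which are described as critical, are the ones that need a package line and should be triaged first. The several hundred RESERVED placeholders above them need no action.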
@@ -32,16 +880,16 @@ CVE-2022-42971
RESERVED
CVE-2022-42970
RESERVED
-CVE-2022-3535
- RESERVED
-CVE-2022-3534
- RESERVED
-CVE-2022-3533
- RESERVED
-CVE-2022-3532
- RESERVED
-CVE-2022-3531
- RESERVED
+CVE-2022-3535 (A vulnerability classified as problematic was found in Linux Kernel. A ...)
+ TODO: check
+CVE-2022-3534 (A vulnerability classified as critical has been found in Linux Kernel. ...)
+ TODO: check
+CVE-2022-3533 (A vulnerability was found in Linux Kernel. It has been rated as proble ...)
+ TODO: check
+CVE-2022-3532 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
+ TODO: check
+CVE-2022-3531 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
+ TODO: check
CVE-2022-3530 (A vulnerability was found in Linux Kernel and classified as problemati ...)
- iproute2 5.19.0-1
NOTE: https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=1d540336b026ed5bfe10eefac383db7f434d842f
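Review bot: CVE-2022-3531 through CVE-2022-3535 should not be assigned to the kernel package on the strength of the "Linux Kernel" wording in their descriptions alone. The unchanged CVE-2022-3530 entry directly below carries the same wording and is tracked against iproute2 5.19.0-1. Resolve each TODO: check against the upstream fix commit and record that commit in a NOTE: line, as was done for CVE-2022-3530.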
@@ -188,6 +1036,7 @@ CVE-2022-3516
RESERVED
CVE-2022-3515
RESERVED
+ {DSA-5255-1}
- libksba 1.6.2-1 (bug #1021928)
NOTE: https://gnupg.org/blog/20221017-pepe-left-the-ksba.html
NOTE: https://dev.gnupg.org/T6230
@@ -220,8 +1069,8 @@ CVE-2022-3503 (A vulnerability was found in SourceCodester Purchase Order Manage
NOT-FOR-US: SourceCodester
CVE-2022-3502 (A vulnerability was found in Human Resource Management System 1.0. It ...)
NOT-FOR-US: Human Resource Management System
-CVE-2022-3501
- RESERVED
+CVE-2022-3501 (Article template contents with sensitive data could be accessed from a ...)
+ TODO: check
CVE-2022-3500
RESERVED
CVE-2022-42918
@@ -1860,8 +2709,8 @@ CVE-2022-42239
RESERVED
CVE-2022-42238 (A Vertical Privilege Escalation issue in Merchandise Online Store v.1. ...)
NOT-FOR-US: Merchandise Online Store
-CVE-2022-42237
- RESERVED
+CVE-2022-42237 (A SQL Injection issue in Merchandise Online Store v.1.0 allows an atta ...)
+ TODO: check
CVE-2022-42236 (A Stored XSS issue in Merchandise Online Store v.1.0 allows to injecti ...)
NOT-FOR-US: Merchandise Online Store
CVE-2022-42235 (A Stored XSS issue in Student Clearance System v.1.0 allows the inject ...)
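Review bot: CVE-2022-42237 is left at TODO: check while both neighbours for the same product, CVE-2022-42238 and CVE-2022-42236, are already marked NOT-FOR-US: Merchandise Online Store. The new description names the same product and version, so the entry can take the same NOT-FOR-US line instead of waiting in the triage queue.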
@@ -1892,8 +2741,8 @@ CVE-2022-42223
RESERVED
CVE-2022-42222
RESERVED
-CVE-2022-42221
- RESERVED
+CVE-2022-42221 (Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, ...)
+ TODO: check
CVE-2022-42220
RESERVED
CVE-2022-42219
@@ -1992,24 +2841,24 @@ CVE-2022-42173
RESERVED
CVE-2022-42172
RESERVED
-CVE-2022-42171
- RESERVED
-CVE-2022-42170
- RESERVED
-CVE-2022-42169
- RESERVED
-CVE-2022-42168
- RESERVED
-CVE-2022-42167
- RESERVED
-CVE-2022-42166
- RESERVED
-CVE-2022-42165
- RESERVED
-CVE-2022-42164
- RESERVED
-CVE-2022-42163
- RESERVED
+CVE-2022-42171 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
+ TODO: check
+CVE-2022-42170 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
+ TODO: check
+CVE-2022-42169 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
+ TODO: check
+CVE-2022-42168 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
+ TODO: check
+CVE-2022-42167 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
+ TODO: check
+CVE-2022-42166 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
+ TODO: check
+CVE-2022-42165 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
+ TODO: check
+CVE-2022-42164 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
+ TODO: check
+CVE-2022-42163 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
+ TODO: check
CVE-2022-42162
RESERVED
CVE-2022-42161 (D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command i ...)
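Review bot: The nine entries CVE-2022-42163 through CVE-2022-42171 all describe the same Tenda AC10 V15.03.06.23 firmware and each lands as a separate TODO: check. Router firmware from D-Link in the surrounding context is closed as NOT-FOR-US: D-Link, so these can be resolved in one pass with a matching NOT-FOR-US line for Tenda rather than being reviewed one at a time.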
@@ -2026,8 +2875,8 @@ CVE-2022-42156 (D-Link COVR 1200,1203 v1.08 was discovered to contain a command
NOT-FOR-US: D-Link
CVE-2022-42155
RESERVED
-CVE-2022-42154
- RESERVED
+CVE-2022-42154 (An arbitrary file upload vulnerability in the component /apiadmin/uplo ...)
+ TODO: check
CVE-2022-42153
RESERVED
CVE-2022-42152
@@ -2276,8 +3125,8 @@ CVE-2022-42031
RESERVED
CVE-2022-42030
RESERVED
-CVE-2022-42029
- RESERVED
+CVE-2022-42029 (Chamilo 1.11.16 is affected by an authenticated local file inclusion v ...)
+ TODO: check
CVE-2022-42028
RESERVED
CVE-2022-42027
@@ -2934,8 +3783,8 @@ CVE-2022-41753
RESERVED
CVE-2022-41752
RESERVED
-CVE-2022-41751
- RESERVED
+CVE-2022-41751 (Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by pl ...)
+ TODO: check
CVE-2022-41750
RESERVED
CVE-2022-41749 (An origin validation error vulnerability in Trend Micro Apex One agent ...)
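Review bot: CVE-2022-41751 names Jhead 3.06.0.1 and arbitrary OS command execution, and unlike most of this batch it concerns a standalone command-line tool rather than a web application or an appliance, so it should not be swept into NOT-FOR-US along with the rest. Replace TODO: check with a package line, and add a NOTE: pointing at the upstream report or fix once it is identified.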
@@ -3099,8 +3948,7 @@ CVE-2022-3352 (Use After Free in GitHub repository vim/vim prior to 9.0.0614. ..
- vim 2:9.0.0626-1
NOTE: https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60
NOTE: https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15 (v9.0.0614)
-CVE-2022-3351
- RESERVED
+CVE-2022-3351 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Only affects Gitlab EE)
CVE-2022-3350
RESERVED
@@ -3357,10 +4205,9 @@ CVE-2022-3333 (A vulnerability, which was classified as problematic, was found i
NOT-FOR-US: WordPress plugin
CVE-2022-3332 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Food Ordering Management System
-CVE-2022-3331
- RESERVED
-CVE-2022-3330
- RESERVED
+CVE-2022-3331 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
+CVE-2022-3330 (It was possible for a guest user to read a todo targeting an inaccessi ...)
- gitlab <unfixed>
CVE-2022-3329
RESERVED
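Review bot: CVE-2022-3331 is described as a GitLab EE issue but lands as TODO: check, while CVE-2022-3330 immediately below it already has its gitlab line. Other EE-only entries in this same commit, such as CVE-2022-3351, are recorded as "- gitlab <not-affected> (Only affects Gitlab EE)". Confirm from the full description that CVE-2022-3331 is EE-only and record it the same way.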
@@ -3368,8 +4215,8 @@ CVE-2022-30544
RESERVED
CVE-2022-27628
RESERVED
-CVE-2022-26375
- RESERVED
+CVE-2022-26375 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mamm ...)
+ TODO: check
CVE-2021-46840 (The HW_KEYMASTER module has an out-of-bounds access vulnerability in p ...)
NOT-FOR-US: Huawei
CVE-2021-46839 (The HW_KEYMASTER module has a vulnerability of missing bounds check on ...)
@@ -3424,8 +4271,7 @@ CVE-2022-3327
RESERVED
CVE-2022-3326 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-3325
- RESERVED
+CVE-2022-3325 (Improper access control in the GitLab CE/EE API affecting all versions ...)
- gitlab <unfixed>
CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
- vim 2:9.0.0626-1
@@ -3562,8 +4408,8 @@ CVE-2022-41544
RESERVED
CVE-2022-41543
RESERVED
-CVE-2022-41542
- RESERVED
+CVE-2022-41542 (devhub 0.102.0 was discovered to contain a broken session control. ...)
+ TODO: check
CVE-2022-41541
RESERVED
CVE-2022-41540
@@ -3650,8 +4496,8 @@ CVE-2022-41500
RESERVED
CVE-2022-41499
RESERVED
-CVE-2022-41498
- RESERVED
+CVE-2022-41498 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
+ TODO: check
CVE-2022-41497 (ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forge ...)
NOT-FOR-US: ClipperCMS
CVE-2022-41496 (iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery ( ...)
@@ -3702,10 +4548,10 @@ CVE-2022-41474 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forg
NOT-FOR-US: RPCMS
CVE-2022-41473 (RPCMS v3.0.2 was discovered to contain a reflected cross-site scriptin ...)
NOT-FOR-US: RPCMS
-CVE-2022-41472
- RESERVED
-CVE-2022-41471
- RESERVED
+CVE-2022-41472 (74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) ...)
+ TODO: check
+CVE-2022-41471 (74cmsSE v3.12.0 allows authenticated attackers with low-level privileg ...)
+ TODO: check
CVE-2022-41470
RESERVED
CVE-2022-41469
@@ -4001,8 +4847,7 @@ CVE-2022-3295 (Allocation of Resources Without Limits or Throttling in GitHub re
- rdiffweb <itp> (bug #969974)
CVE-2022-3294
RESERVED
-CVE-2022-3293
- RESERVED
+CVE-2022-3293 (Email addresses were leaked in WebHook logs in GitLab EE affecting all ...)
- gitlab <not-affected> (Only affects Gitlab EE)
CVE-2022-3292 (Use of Cache Containing Sensitive Information in GitHub repository iku ...)
- rdiffweb <itp> (bug #969974)
@@ -4026,33 +4871,29 @@ CVE-2022-41328
RESERVED
CVE-2022-41327
RESERVED
-CVE-2022-3291
- RESERVED
+CVE-2022-3291 (Serialization of sensitive data in GitLab EE affecting all versions fr ...)
- gitlab <not-affected> (Only affects Gitlab EE)
CVE-2022-3290 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3289
RESERVED
-CVE-2022-3288
- RESERVED
+CVE-2022-3288 (A branch/tag name confusion in GitLab CE/EE affecting all versions pri ...)
- gitlab <unfixed>
CVE-2022-3287 (When creating an OPERATOR user account on the BMC, the redfish plugin ...)
- fwupd 1.8.5-1
[bullseye] - fwupd <no-dsa> (Minor issue)
NOTE: https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091 (1.8.5)
-CVE-2022-3286
- RESERVED
+CVE-2022-3286 (Lack of IP address checking in GitLab EE affecting all versions from 1 ...)
- gitlab <not-affected> (Only affects Gitlab EE)
CVE-2022-3285
RESERVED
- gitlab <unfixed>
CVE-2022-3284
RESERVED
-CVE-2022-3283
- RESERVED
+CVE-2022-3283 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
- gitlab <unfixed>
-CVE-2022-3282
- RESERVED
+CVE-2022-3282 (The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 ...)
+ TODO: check
CVE-2022-41326
RESERVED
CVE-2022-41325
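Review bot: CVE-2022-3282 sits in a run of GitLab entries, but its new description is for the Drag and Drop Multiple File Upload WordPress plugin, and it is the only entry in this hunk left at TODO: check. WordPress plugin issues elsewhere in this file are closed as NOT-FOR-US: WordPress plugin, so the same line applies here. Also note that CVE-2022-3285 in the unchanged context still reads RESERVED while carrying "- gitlab <unfixed>", so it will need its description picked up in a later update.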
@@ -4076,12 +4917,11 @@ CVE-2022-41319 (A Reflected Cross-Site Scripting (XSS) vulnerability affects the
NOT-FOR-US: Veritas
CVE-2022-41316 (HashiCorp Vault and Vault Enterprise’s TLS certificate auth meth ...)
NOT-FOR-US: HashiCorp Vault and Vault Enterprise
-CVE-2022-3281
- RESERVED
+CVE-2022-3281 (WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller ...)
+ TODO: check
CVE-2022-3280
RESERVED
-CVE-2022-3279
- RESERVED
+CVE-2022-3279 (An unhandled exception in job log parsing in GitLab CE/EE affecting al ...)
- gitlab <unfixed>
CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.055 ...)
- vim 2:9.0.0626-1 (unimportant)
@@ -4562,10 +5402,10 @@ CVE-2022-3246
RESERVED
CVE-2022-3245 (HTML injection attack is closely related to Cross-site Scripting (XSS) ...)
NOT-FOR-US: microweber
-CVE-2022-3244
- RESERVED
-CVE-2022-3243
- RESERVED
+CVE-2022-3244 (The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does n ...)
+ TODO: check
+CVE-2022-3243 (The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does n ...)
+ TODO: check
CVE-2022-3242 (Code Injection in GitHub repository microweber/microweber prior to 1.3 ...)
NOT-FOR-US: microweber
CVE-2022-3241
@@ -5729,8 +6569,8 @@ CVE-2022-3208 (The Simple File List WordPress plugin before 4.4.12 does not impl
NOT-FOR-US: WordPress plugin
CVE-2022-3207 (The Simple File List WordPress plugin before 4.4.12 does not sanitise ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3206
- RESERVED
+CVE-2022-3206 (The Passster WordPress plugin before 3.5.5.5.2 stores the password ins ...)
+ TODO: check
CVE-2022-3205 (An XSS exists in automation controller UI where the project name is su ...)
NOT-FOR-US: Red Hat Ansible Automation Controller
CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation ...)
@@ -6753,8 +7593,7 @@ CVE-2022-3167 (Improper Restriction of Rendered UI Layers or Frames in GitHub re
- rdiffweb <itp> (bug #969974)
CVE-2022-3166
RESERVED
-CVE-2022-3165 [VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion]
- RESERVED
+CVE-2022-3165 (An integer underflow issue was found in the QEMU VNC server while proc ...)
- qemu <unfixed> (bug #1021019)
[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
[buster] - qemu <not-affected> (Vulnerable code introduced later)
@@ -6900,12 +7739,12 @@ CVE-2022-3153 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.
NOTE: Crash in CLI toool, no security impact
CVE-2022-3152 (Unverified Password Change in GitHub repository phpfusion/phpfusion pr ...)
NOT-FOR-US: PHP-Fusion
-CVE-2022-3151
- RESERVED
-CVE-2022-3150
- RESERVED
-CVE-2022-3149
- RESERVED
+CVE-2022-3151 (The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF ...)
+ TODO: check
+CVE-2022-3150 (The WP Custom Cursors WordPress plugin through 3.0 does not properly s ...)
+ TODO: check
+CVE-2022-3149 (The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF ...)
+ TODO: check
CVE-2022-3148 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-40144 (A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a ...)
@@ -6970,8 +7809,8 @@ CVE-2022-3140 (LibreOffice supports Office URI Schemes to enable browser integra
{DSA-5252-1}
- libreoffice 1:7.4.1~rc2-3
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-3140
-CVE-2022-3139
- RESERVED
+CVE-2022-3139 (The We’re Open! WordPress plugin before 1.42 does not sanitise a ...)
+ TODO: check
CVE-2022-3138 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-3137 (The Taskbuilder WordPress plugin before 1.0.8 does not validate and sa ...)
@@ -7120,8 +7959,8 @@ CVE-2022-40057
RESERVED
CVE-2022-40056
RESERVED
-CVE-2022-40055
- RESERVED
+CVE-2022-40055 (An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows att ...)
+ TODO: check
CVE-2022-40054
RESERVED
CVE-2022-40053
@@ -7571,8 +8410,8 @@ CVE-2022-3133 (OS Command Injection in GitHub repository jgraph/drawio prior to
NOT-FOR-US: jgraph/drawio
CVE-2022-3132 (The Goolytics WordPress plugin before 1.1.2 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3131
- RESERVED
+CVE-2022-3131 (The Search Logger WordPress plugin through 0.9 does not properly sanit ...)
+ TODO: check
CVE-2022-3130 (A vulnerability classified as critical has been found in codeprojects ...)
NOT-FOR-US: codeprojects Online Driving School
CVE-2022-3129 (A vulnerability was found in codeprojects Online Driving School. It ha ...)
@@ -7581,8 +8420,8 @@ CVE-2022-3128 (The Donation Thermometer WordPress plugin before 2.1.3 does not s
NOT-FOR-US: WordPress plugin
CVE-2022-3127 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
NOT-FOR-US: jgraph/drawio
-CVE-2022-3126
- RESERVED
+CVE-2022-3126 (The Frontend File Manager Plugin WordPress plugin before 21.4 does not ...)
+ TODO: check
CVE-2022-3125 (The Frontend File Manager Plugin WordPress plugin before 21.3 allows a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3124 (The Frontend File Manager Plugin WordPress plugin before 21.3 allows a ...)
@@ -9321,8 +10160,8 @@ CVE-2022-39081
RESERVED
CVE-2022-39080 (In messaging service, there is a missing permission check. This could ...)
NOT-FOR-US: Unisoc
-CVE-2022-3082
- RESERVED
+CVE-2022-3082 (The miniOrange Discord Integration WordPress plugin before 2.1.6 does ...)
+ TODO: check
CVE-2022-3081
RESERVED
CVE-2022-3080 (By sending specific queries to the resolver, an attacker can cause nam ...)
@@ -9425,8 +10264,8 @@ CVE-2022-39054 (Cowell enterprise travel management system has insufficient filt
NOT-FOR-US: Cowell enterprise travel management system
CVE-2022-39053 (Heimavista Rpage has insufficient filtering for platform web URL. An u ...)
NOT-FOR-US: Heimavista Rpage
-CVE-2022-39052
- RESERVED
+CVE-2022-39052 (An external attacker is able to send a specially crafted email (with m ...)
+ TODO: check
CVE-2022-39051 (Attacker might be able to execute malicious Perl code in the Template ...)
NOT-FOR-US: OTRS
NOTE: Could possibly affect Znuny, we'll let their security team figure it out
@@ -9448,11 +10287,9 @@ CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. When
NOTE: https://sourceware.org/pipermail/libc-alpha/2022-August/141707.html
NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=a583b6add407c17cdcd4146be3876061a5e1d555 (glibc-2.36)
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1
-CVE-2022-3067
- RESERVED
+CVE-2022-3067 (An issue has been discovered in the Import functionality of GitLab CE/ ...)
- gitlab <unfixed>
-CVE-2022-3066
- RESERVED
+CVE-2022-3066 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio prior to 20 ...)
NOT-FOR-US: jgraph/drawio
@@ -9523,8 +10360,7 @@ CVE-2022-38400 (Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticate
NOT-FOR-US: Mailform Pro CGI
CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injec ...)
NOT-FOR-US: PowerCMS
-CVE-2022-3060
- RESERVED
+CVE-2022-3060 (Improper control of a resource identifier in Error Tracking in GitLab ...)
- gitlab <unfixed>
CVE-2022-3059
RESERVED
@@ -10116,13 +10952,12 @@ CVE-2022-3032
[bullseye] - thunderbird <not-affected> (Only affects ESR102)
[buster] - thunderbird <not-affected> (Only affects ESR102)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3032
-CVE-2022-3031
- RESERVED
+CVE-2022-3031 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
-CVE-2022-3030
- RESERVED
+CVE-2022-3030 (An improper access control issue in GitLab CE/EE affecting all version ...)
+ TODO: check
CVE-2022-3029 (In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mi ...)
- routinator <itp> (bug #929024)
CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework for tran ...)
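Review bot: CVE-2022-3030 is described as an improper access control issue in GitLab CE/EE but gets only TODO: check, whereas CVE-2022-3031 directly above keeps its "[experimental] - gitlab 15.2.3+ds1-1" and "- gitlab <unfixed>" lines. Because the description covers CE as well as EE, the entry needs a gitlab package line, ideally with a NOTE: linking the GitLab release announcement that fixes it, as is done for CVE-2022-3031.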
@@ -10354,8 +11189,7 @@ CVE-2022-38745
RESERVED
CVE-2022-2993
RESERVED
-CVE-2022-2992
- RESERVED
+CVE-2022-2992 (A vulnerability in GitLab CE/EE affecting all versions from 11.10 prio ...)
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
@@ -10729,8 +11563,7 @@ CVE-2022-2933
RESERVED
CVE-2022-2932 (Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mob ...)
NOT-FOR-US: Mobiledoc Kit
-CVE-2022-2931
- RESERVED
+CVE-2022-2931 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
@@ -11226,8 +12059,7 @@ CVE-2022-38080 (Reflected cross-site scripting vulnerability in Exment ((PHP8) e
NOT-FOR-US: Exment
CVE-2022-37333 (SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5. ...)
NOT-FOR-US: Exment
-CVE-2022-2908
- RESERVED
+CVE-2022-2908 (A potential DoS vulnerability was discovered in Gitlab CE/EE versions ...)
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
@@ -11458,8 +12290,7 @@ CVE-2022-38395
RESERVED
CVE-2022-38393
RESERVED
-CVE-2022-2884
- RESERVED
+CVE-2022-2884 (A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 pri ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
CVE-2022-2883
@@ -11567,8 +12398,7 @@ CVE-2022-2867 (libtiff's tiffcrop utility has a uint32_t underflow that can lead
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
CVE-2022-2866 (FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of- ...)
NOT-FOR-US: FATEK FvDesigner
-CVE-2022-2865
- RESERVED
+CVE-2022-2865 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
@@ -11696,8 +12526,8 @@ CVE-2022-2836
CVE-2022-2835
RESERVED
- coredns <itp> (bug #880676)
-CVE-2022-2834
- RESERVED
+CVE-2022-2834 (The Helpful WordPress plugin before 4.5.26 puts the exported logs and ...)
+ TODO: check
CVE-2022-2833 (Endless Infinite loop in Blender-thumnailing due to logical bugs. ...)
- blender 3.2.2+dfsg-1 (unimportant)
NOTE: https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512
@@ -14329,8 +15159,7 @@ CVE-2022-2632
RESERVED
CVE-2022-2631 (Improper Access Control in GitHub repository tooljet/tooljet prior to ...)
NOT-FOR-US: ToolJet
-CVE-2022-2630
- RESERVED
+CVE-2022-2630 (An improper access control issue in GitLab CE/EE affecting all version ...)
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
@@ -15072,8 +15901,7 @@ CVE-2022-37042 (Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport f
NOT-FOR-US: Zimbra
CVE-2022-37041 (An issue was discovered in ProxyServlet.java in the /proxy servlet in ...)
NOT-FOR-US: Zimbra
-CVE-2022-2592
- RESERVED
+CVE-2022-2592 (A lack of length validation in Snippet descriptions in GitLab CE/EE af ...)
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
@@ -15218,8 +16046,8 @@ CVE-2022-2576 (In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a D
NOT-FOR-US: Eclipse Californium
CVE-2022-2575 (The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6. ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2574
- RESERVED
+CVE-2022-2574 (The Meks Easy Social Share WordPress plugin before 1.2.8 does not sani ...)
+ TODO: check
CVE-2022-2573
RESERVED
CVE-2020-36562
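Review bot: CVE-2022-2574 is added with `TODO: check` even though the description identifies it as a WordPress plugin issue (Meks Easy Social Share), and the neighbouring CVE-2022-2575 in this hunk is already closed as `NOT-FOR-US: WordPress plugin`. Unless the plugin is packaged, the same NOT-FOR-US marker applies here and the TODO can be resolved.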
@@ -15292,8 +16120,8 @@ CVE-2022-2565 (The Simple Payment Donations & Subscriptions WordPress plugin
NOT-FOR-US: WordPress plugin
CVE-2022-2564 (Prototype Pollution in GitHub repository automattic/mongoose prior to ...)
NOT-FOR-US: Mongoose
-CVE-2022-2563
- RESERVED
+CVE-2022-2563 (The Tutor LMS WordPress plugin before 2.0.10 does not escape some cour ...)
+ TODO: check
CVE-2022-37008 (The recovery module has a vulnerability of bypassing the verification ...)
NOT-FOR-US: Huawei
CVE-2022-37007 (The chinadrm module has an out-of-bounds read vulnerability. Successfu ...)
@@ -16514,8 +17342,7 @@ CVE-2022-2535 (The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does
NOT-FOR-US: WordPress plugin
CVE-2022-2534 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
-CVE-2022-2533
- RESERVED
+CVE-2022-2533 (An issue has been discovered in GitLab affecting all versions starting ...)
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
@@ -16549,8 +17376,7 @@ CVE-2022-36431
RESERVED
CVE-2022-36430
RESERVED
-CVE-2022-2527
- RESERVED
+CVE-2022-2527 (An issue in Incident Timelines has been discovered in GitLab CE/EE aff ...)
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
@@ -17477,8 +18303,7 @@ CVE-2022-36130 (HashiCorp Boundary up to 0.10.1 did not properly perform data in
NOT-FOR-US: HashiCorp Boundary
CVE-2022-36129 (HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clu ...)
NOT-FOR-US: HashiCorp Vault
-CVE-2022-2455
- RESERVED
+CVE-2022-2455 (A business logic issue in the handling of large repositories in all ve ...)
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
@@ -18130,8 +18955,7 @@ CVE-2022-2430 (The Visual Composer Website Builder plugin for WordPress is vulne
NOT-FOR-US: Visual Composer Website Builder plugin for WordPress
CVE-2022-2429 (The Ultimate SMS Notifications for WooCommerce plugin for WordPress is ...)
NOT-FOR-US: Ultimate SMS Notifications for WooCommerce plugin for WordPress
-CVE-2022-2428
- RESERVED
+CVE-2022-2428 (A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting ...)
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
@@ -25246,22 +26070,22 @@ CVE-2022-33219
RESERVED
CVE-2022-33218
RESERVED
-CVE-2022-33217
- RESERVED
+CVE-2022-33217 (Memory corruption in Qualcomm IPC due to buffer copy without checking ...)
+ TODO: check
CVE-2022-33216
RESERVED
CVE-2022-33215
RESERVED
-CVE-2022-33214
- RESERVED
+CVE-2022-33214 (Memory corruption in display due to time-of-check time-of-use of metad ...)
+ TODO: check
CVE-2022-33213
RESERVED
CVE-2022-33212
RESERVED
CVE-2022-33211
RESERVED
-CVE-2022-33210
- RESERVED
+CVE-2022-33210 (Memory corruption in automotive multimedia due to use of out-of-range ...)
+ TODO: check
CVE-2022-33146 (Open redirect vulnerability in web2py versions prior to 2.22.5 allows ...)
- web2py <removed>
CVE-2022-32585 (A command execution vulnerability exists in the clish art2 functionali ...)
@@ -25934,8 +26758,8 @@ CVE-2022-2053 (When a POST request comes through AJP and the request exceeds the
- undertow 2.2.18-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2095862
NOTE: https://github.com/undertow-io/undertow/commit/10ad8964162162ce6d441e951cb9efcdaa585916
-CVE-2022-2052
- RESERVED
+CVE-2022-2052 (Multiple Trumpf Products in multiple versions use default privileged W ...)
+ TODO: check
CVE-2022-2051
RESERVED
CVE-2022-2050 (The WP-Paginate WordPress plugin before 2.1.9 does not escape one of i ...)
@@ -28070,8 +28894,8 @@ CVE-2022-32178
RESERVED
CVE-2022-32177 (In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable ...)
NOT-FOR-US: Gin-Vue-Admin
-CVE-2022-32176
- RESERVED
+CVE-2022-32176 (In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to ...)
+ TODO: check
CVE-2022-32175 (In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to ...)
NOT-FOR-US: AdGuardHome
CVE-2022-32174 (In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cro ...)
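Review bot: CVE-2022-32176 is left as `TODO: check` while the line just above it closes CVE-2022-32177, for the same product and version range ("Gin-Vue-Admin", v2.5.1 through v2.5.3), as `NOT-FOR-US: Gin-Vue-Admin`. The two entries should be triaged consistently; suggest replacing the TODO with the same NOT-FOR-US line.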
@@ -39479,8 +40303,8 @@ CVE-2022-28293
RESERVED
CVE-2022-28292
RESERVED
-CVE-2022-28291
- RESERVED
+CVE-2022-28291 (Insufficiently Protected Credentials: An authenticated user with debug ...)
+ TODO: check
CVE-2022-28290 (Reflective Cross-Site Scripting vulnerability in WordPress Country Sel ...)
NOT-FOR-US: WordPress plugin
CVE-2022-28289
@@ -46956,8 +47780,8 @@ CVE-2022-25752 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V
NOT-FOR-US: Siemens SCALANCE
CVE-2022-25751 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...)
NOT-FOR-US: Siemens SCALANCE
-CVE-2022-25750
- RESERVED
+CVE-2022-25750 (Memory corruption in BTHOST due to double free while music playback an ...)
+ TODO: check
CVE-2022-25749
RESERVED
CVE-2022-25748
@@ -47010,8 +47834,8 @@ CVE-2022-25725
RESERVED
CVE-2022-25724
RESERVED
-CVE-2022-25723
- RESERVED
+CVE-2022-25723 (Memory corruption in multimedia due to use after free during callback ...)
+ TODO: check
CVE-2022-25722
RESERVED
CVE-2022-25721
@@ -47396,8 +48220,8 @@ CVE-2022-0701 (The SEO 301 Meta WordPress plugin through 1.9.1 does not escape i
NOT-FOR-US: WordPress plugin
CVE-2022-0700 (The Simple Tracking WordPress plugin before 1.7 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0699
- RESERVED
+CVE-2022-0699 (A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 ...)
+ TODO: check
CVE-2022-25597 (ASUS RT-AC86U’s LPD service has insufficient filtering for speci ...)
NOT-FOR-US: ASUS
CVE-2022-25596 (ASUS RT-AC56U’s configuration function has a heap-based buffer o ...)
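Review bot: CVE-2022-0699 should not stay at `TODO: check` for long, because unlike its NOT-FOR-US neighbours it names a library, shapelib 1.5.0, and a specific file, contrib/shpsort.c. It needs a source package line for shapelib, and the triage should record whether the contrib tool is actually built and shipped, since that decides whether the double-free is reachable in the binary packages or only present in the source.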
@@ -53834,12 +54658,12 @@ CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before
NOTE: https://github.com/golang/go/issues/50699
NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
NOTE: https://github.com/golang/go/commit/539d430efb5043cc6a2d4d4fcd2866b11717039a (go1.17.7)
-CVE-2022-23771
- RESERVED
-CVE-2022-23770
- RESERVED
-CVE-2022-23769
- RESERVED
+CVE-2022-23771 (This vulnerability occurs in user accounts creation and deleteion rela ...)
+ TODO: check
+CVE-2022-23770 (This vulnerability could allow a remote attacker to execute remote com ...)
+ TODO: check
+CVE-2022-23769 (Remote code execution vulnerability due to insufficient user privilege ...)
+ TODO: check
CVE-2022-23768 (This Vulnerability in NIS-HAP11AC is caused by an exposed external por ...)
NOT-FOR-US: NIS-HAP11AC
CVE-2022-23767 (This vulnerability of SecureGate is SQL-Injection using login without ...)
@@ -55592,11 +56416,13 @@ CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/1
CVE-2022-23219 (The deprecated compatibility function clnt_create in the sunrpc module ...)
+ {DLA-3152-1}
- glibc 2.33-3
[bullseye] - glibc 2.31-13+deb11u3
[stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22542
CVE-2022-23218 (The deprecated compatibility function svcunix_create in the sunrpc mod ...)
+ {DLA-3152-1}
- glibc 2.33-3
[bullseye] - glibc 2.31-13+deb11u3
[stretch] - glibc <no-dsa> (Minor issue)
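Review bot: the `{DLA-3152-1}` cross-reference is added to CVE-2022-23219 and CVE-2022-23218, but the package lines visible for both still cover only unstable, `[bullseye]` and `[stretch]`, so nothing in these entries shows which release or version the DLA fixed. Since data/CVE/list is the only file changed in this commit, it is worth confirming that the DLA's own record carries the fixed glibc version, and that the `[stretch] - glibc <no-dsa> (Minor issue)` lines are still the intended status.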
@@ -61227,8 +62053,8 @@ CVE-2022-22130
RESERVED
CVE-2022-22129
RESERVED
-CVE-2022-22128
- RESERVED
+CVE-2022-22128 (Tableau discovered a path traversal vulnerability affecting Tableau Se ...)
+ TODO: check
CVE-2022-22127 (Tableau is aware of a broken access control vulnerability present in T ...)
NOT-FOR-US: Tableau Server
CVE-2022-22126 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...)
@@ -66139,6 +66965,7 @@ CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier be
CVE-2021-4000 (showdoc is vulnerable to URL Redirection to Untrusted Site ...)
NOT-FOR-US: ShowDoc
CVE-2021-3999 (A flaw was found in glibc. An off-by-one buffer overflow and underflow ...)
+ {DLA-3152-1}
- glibc 2.33-4
[bullseye] - glibc 2.31-13+deb11u4
[stretch] - glibc <no-dsa> (Minor issue)
@@ -90646,6 +91473,7 @@ CVE-2021-35944 (Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buf
CVE-2021-35943 (Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Co ...)
NOT-FOR-US: Couchbase Server
CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 2.33 may ...)
+ {DLA-3152-1}
- glibc 2.31-13 (bug #990542)
[stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28011
@@ -96224,6 +97052,7 @@ CVE-2021-33576 (An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2
CVE-2021-33575 (The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute ...)
NOT-FOR-US: ruby-jss gem
CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions 2.32 ...)
+ {DLA-3152-1}
[experimental] - glibc 2.32-0experimental0
- glibc 2.32-1 (bug #989147)
[bullseye] - glibc 2.31-13+deb11u3
@@ -111864,6 +112693,7 @@ CVE-2021-27647 (Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in
CVE-2021-27646 (Use After Free vulnerability in iscsi_snapshot_comm_core in Synology D ...)
NOT-FOR-US: Synology
CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka glibc o ...)
+ {DLA-3152-1}
- glibc 2.31-10 (bug #983479)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27462
NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=745664bd798ec8fd50438605948eea594179fba1 (glibc-2.29)
@@ -115232,6 +116062,7 @@ CVE-2021-26274 (The Agent in NinjaRMM 5.0.909 has Insecure Permissions. ...)
CVE-2021-26273 (The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. ...)
NOT-FOR-US: NinjaRMM
CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...)
+ {DLA-3152-1}
- glibc 2.31-10 (bug #981198)
[stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2146
@@ -127320,6 +128151,7 @@ CVE-2020-35932 (Insecure Deserialization in the Newsletter plugin before 6.8.2 f
CVE-2020-35931 (An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1. ...)
NOT-FOR-US: Foxit Reader
CVE-2019-25013 (The iconv feature in the GNU C Library (aka glibc or libc6) through 2. ...)
+ {DLA-3152-1}
- glibc 2.31-9 (bug #979273)
[stretch] - glibc <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24973
@@ -132066,8 +132898,8 @@ CVE-2020-35541
REJECTED
CVE-2020-35540
REJECTED
-CVE-2020-35539
- RESERVED
+CVE-2020-35539 (A flaw was found in Wordpress 5.1. "X-Forwarded-For" is a HTTP header ...)
+ TODO: check
CVE-2020-35538 (A crafted input file could cause a null pointer dereference in jcopy_s ...)
- libjpeg-turbo 1:2.0.6-1
[buster] - libjpeg-turbo <no-dsa> (Minor issue)
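Review bot: CVE-2020-35539 is added with `TODO: check`, and its description refers to WordPress 5.1 itself rather than to a plugin, so the usual `NOT-FOR-US: WordPress plugin` shortcut does not apply. This one needs a `- wordpress` package line with the affected and fixed versions checked against the "X-Forwarded-For" handling the description mentions.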
@@ -143843,6 +144675,7 @@ CVE-2020-27619 (In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.p
NOTE: https://bugs.python.org/issue41944
NOTE: Only affects the testsuite
CVE-2020-27618 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...)
+ {DLA-3152-1}
- glibc 2.31-5 (bug #973914)
[stretch] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26224
@@ -187422,6 +188255,7 @@ CVE-2020-10030 (An issue has been found in PowerDNS Recursor 4.1.0 up to and inc
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
NOTE: Non exploitable on Linux
CVE-2020-10029 (The GNU C Library (aka glibc or libc6) before 2.32 could overflow an o ...)
+ {DLA-3152-1}
- glibc 2.30-1 (bug #953108)
[stretch] - glibc <no-dsa> (Minor issue)
[jessie] - glibc <no-dsa> (Minor issue)
@@ -197471,6 +198305,7 @@ CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atft
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
NOTE: https://sourceforge.net/u/peterkaestle/atftp/ci/96409ef3b9ca061f9527cfaafa778105cf15d994/
CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...)
+ {DLA-3152-1}
- glibc 2.31-2 (low; bug #961452)
[stretch] - glibc <no-dsa> (Minor issue)
[jessie] - glibc <not-affected> (Vulnerable code not present)
@@ -209814,6 +210649,7 @@ CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x ve
NOTE: Fixing commit only introduces a warning about disclosure when using certain
NOTE: options.
CVE-2020-1752 (A use-after-free vulnerability introduced in glibc upstream version 2. ...)
+ {DLA-3152-1}
- glibc 2.30-3 (bug #953788)
[stretch] - glibc <no-dsa> (Minor issue)
[jessie] - glibc <no-dsa> (Minor issue)
@@ -210702,6 +211538,7 @@ CVE-2019-19128
CVE-2019-19127 (An authentication bypass vulnerability is present in the standalone SI ...)
NOT-FOR-US: Tribal SITS
CVE-2019-19126 (On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 ...)
+ {DLA-3152-1}
- glibc 2.29-8 (bug #945250)
[stretch] - glibc <no-dsa> (Minor issue)
[jessie] - glibc <not-affected> (Vulnerable code introduced in 2.23)
@@ -226515,11 +227352,10 @@ CVE-2019-14844 (A flaw was found in, Fedora versions of krb5 from 1.16.1 to, inc
NOTE: Fixed by: https://github.com/krb5/krb5/commit/275c9a1aad36a1a7b56042f1a2c21c33e7d16eaf
CVE-2019-14843 (A flaw was found in Wildfly Security Manager, running under JDK 11 or ...)
- wildfly <itp> (bug #752018)
-CVE-2019-14841
- RESERVED
+CVE-2019-14841 (A flaw was found in the RHDM, where an authenticated attacker can chan ...)
NOT-FOR-US: Red Hat Decision Manager
-CVE-2019-14840
- RESERVED
+CVE-2019-14840 (A flaw was found in the RHDM, where sensitive HTML form fields like Pa ...)
+ TODO: check
CVE-2019-14839 (It was observed that while login into Business-central console, HTTP r ...)
NOT-FOR-US: Red Hat / JBoss BPMS Business-central console
CVE-2019-14838 (A flaw was found in wildfly-core before 7.2.5.GA. The Management users ...)
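Review bot: CVE-2019-14840 ends up as `TODO: check` while CVE-2019-14841, whose description opens with the same "A flaw was found in the RHDM" wording, is closed two lines above as `NOT-FOR-US: Red Hat Decision Manager`. Suggest giving CVE-2019-14840 the same NOT-FOR-US line so the pair is triaged consistently.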
@@ -354487,8 +355323,7 @@ CVE-2017-7518 (A flaw was found in the Linux kernel before version 4.12 in the w
NOTE: https://www.spinics.net/lists/kvm/msg151817.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464473
NOTE: Fixed by: https://git.kernel.org/linus/c8401dda2f0a00cd25c0af6a95ed50e478d25de4
-CVE-2017-7517
- RESERVED
+CVE-2017-7517 (An input validation vulnerability exists in Openshift Enterprise due t ...)
NOT-FOR-US: OpenShift
CVE-2017-7516
REJECTED
@@ -359033,6 +359868,7 @@ CVE-2017-6078 (FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to c
CVE-2017-6077 (ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 al ...)
NOT-FOR-US: NETGEAR
CVE-2016-10228 (The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and e ...)
+ {DLA-3152-1}
- glibc 2.31-3 (low; bug #856503)
[stretch] - glibc <no-dsa> (Minor issue)
[jessie] - glibc <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0327667ca9dc3eadb8b224572a156b17eab6bb1b