[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 18 09:10:24 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3378fd9d by security tracker role at 2022-10-18T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-43395
+	RESERVED
+CVE-2022-43394
+	RESERVED
+CVE-2022-43393
+	RESERVED
+CVE-2022-43392
+	RESERVED
+CVE-2022-43391
+	RESERVED
+CVE-2022-43390
+	RESERVED
+CVE-2022-43389
+	RESERVED
+CVE-2022-43388
+	RESERVED
+CVE-2022-43387
+	RESERVED
+CVE-2022-43386
+	RESERVED
+CVE-2022-43385
+	RESERVED
+CVE-2022-43384
+	RESERVED
+CVE-2022-43383
+	RESERVED
+CVE-2022-43382
+	RESERVED
+CVE-2022-43381
+	RESERVED
+CVE-2022-43380
+	RESERVED
+CVE-2022-43379
+	RESERVED
+CVE-2022-42496
+	RESERVED
+CVE-2022-41777
+	RESERVED
+CVE-2022-41642
+	RESERVED
+CVE-2022-3575
+	RESERVED
+CVE-2022-3574
+	RESERVED
+CVE-2022-3573
+	RESERVED
+CVE-2022-3572
+	RESERVED
+CVE-2022-3571
+	RESERVED
+CVE-2022-3570
+	RESERVED
+CVE-2022-3569 (Due to an issue with incorrect sudo permissions, Zimbra Collaboration  ...)
+	TODO: check
+CVE-2022-3568
+	RESERVED
 CVE-2022-43378
 	RESERVED
 CVE-2022-43377
@@ -845,7 +901,7 @@ CVE-2022-3545 (A vulnerability has been found in Linux Kernel and classified as
 CVE-2022-3544 (A vulnerability, which was classified as problematic, was found in Lin ...)
 	TODO: check
 CVE-2022-3543 (A vulnerability, which was classified as problematic, has been found i ...)
-	 - linux <unfixed>
+	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7a62ed61367b8fd01bae1e18e30602c25060d824 (6.1-rc1)
@@ -1052,13 +1108,13 @@ CVE-2022-42921
 	RESERVED
 CVE-2022-42920
 	RESERVED
-CVE-2022-3517
-	RESERVED
+CVE-2022-3517 (A vulnerability was found in the minimatch package. This flaw allows a ...)
+	TODO: check
 CVE-2022-3516
 	RESERVED
 CVE-2022-3515
 	RESERVED
-	{DSA-5255-1}
+	{DSA-5255-1 DLA-3153-1}
 	- libksba 1.6.2-1 (bug #1021928)
 	NOTE: https://gnupg.org/blog/20221017-pepe-left-the-ksba.html
 	NOTE: https://dev.gnupg.org/T6230
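Review bot: the new "TODO: check" on CVE-2022-3517 should be turned into a package line rather than left pending: the description is about the minimatch package, which Debian ships as node-minimatch, so unlike most TODOs in this update this one needs real triage (affected versions per suite, and whether it warrants a DSA or a no-dsa marker). The second change in the hunk, adding DLA-3153-1 next to DSA-5255-1 on the CVE-2022-3515 libksba entry, is consistent with the existing "libksba 1.6.2-1 (bug #1021928)" line and the two NOTE references; nothing further is needed there.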
@@ -2210,8 +2266,8 @@ CVE-2022-3423 (Denial of Service in GitHub repository nocodb/nocodb prior to 0.9
 	NOT-FOR-US: nocodb
 CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i can cr ...)
 	NOT-FOR-US: ToolJet
-CVE-2022-3421
-	RESERVED
+CVE-2022-3421 (An attacker can pre-create the `/Applications/Google\ Drive.app/Conten ...)
+	TODO: check
 CVE-2022-3420
 	RESERVED
 CVE-2022-3419
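Review bot: CVE-2022-3421 describes pre-creating a path under /Applications/Google\ Drive.app/Conten..., which is the macOS Google Drive client; that is not Debian software, so the "TODO: check" can be resolved as "NOT-FOR-US: Google Drive for macOS" in line with the NOT-FOR-US markers on the neighbouring nocodb and ToolJet entries.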
@@ -2908,22 +2964,22 @@ CVE-2022-42151
 	RESERVED
 CVE-2022-42150
 	RESERVED
-CVE-2022-42149
-	RESERVED
+CVE-2022-42149 (kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via ...)
+	TODO: check
 CVE-2022-42148
 	RESERVED
-CVE-2022-42147
-	RESERVED
+CVE-2022-42147 (kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via control ...)
+	TODO: check
 CVE-2022-42146
 	RESERVED
 CVE-2022-42145
 	RESERVED
 CVE-2022-42144
 	RESERVED
-CVE-2022-42143
-	RESERVED
-CVE-2022-42142
-	RESERVED
+CVE-2022-42143 (Open Source SACCO Management System v1.0 is vulnerable to SQL Injectio ...)
+	TODO: check
+CVE-2022-42142 (Online Tours & Travels Management System v1.0 is vulnerable to Arb ...)
+	TODO: check
 CVE-2022-42141
 	RESERVED
 CVE-2022-42140
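Review bot: all four entries that gained a description here (CVE-2022-42149 and CVE-2022-42147 for kkFileView 4.0, CVE-2022-42143 for Open Source SACCO Management System v1.0, CVE-2022-42142 for Online Tours & Travels Management System v1.0) are third-party web applications that Debian does not package, so each "TODO: check" should become a NOT-FOR-US line naming the product. Note that CVE-2022-42148 and CVE-2022-42146 to CVE-2022-42144 in the same block are still RESERVED; if they later turn out to be more kkFileView issues they should be triaged the same way.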
@@ -3251,8 +3307,8 @@ CVE-2022-3384
 	RESERVED
 CVE-2022-3383
 	RESERVED
-CVE-2022-3382
-	RESERVED
+CVE-2022-3382 (HIWIN Robot System Software version 3.3.21.9869 does not properly addr ...)
+	TODO: check
 CVE-2022-41983
 	RESERVED
 CVE-2022-41976
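Review bot: CVE-2022-3382 concerns HIWIN Robot System Software 3.3.21.9869, vendor software for industrial robots with no Debian package; the "TODO: check" should be replaced with "NOT-FOR-US: HIWIN".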
@@ -3574,8 +3630,8 @@ CVE-2022-3370
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3369
 	RESERVED
-CVE-2022-3368
-	RESERVED
+CVE-2022-3368 (A vulnerability within the Software Updater functionality of Avira Sec ...)
+	TODO: check
 CVE-2021-46844
 	RESERVED
 CVE-2021-46843
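Review bot: CVE-2022-3368 is in the Software Updater of Avira Security, a proprietary Windows product, so the "TODO: check" can be closed as "NOT-FOR-US: Avira". The context line above it, "[buster] - chromium <end-of-life> (see DSA 5046)", is untouched and still correct.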
@@ -4653,8 +4709,8 @@ CVE-2022-41433
 	RESERVED
 CVE-2022-41432
 	RESERVED
-CVE-2022-41431
-	RESERVED
+CVE-2022-41431 (xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vuln ...)
+	TODO: check
 CVE-2022-41430 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
 	NOT-FOR-US: Bento4
 CVE-2022-41429 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
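Review bot: CVE-2022-41431 is an XSS in xzs v3.8.0, an online examination application that is not in Debian; it belongs in the same category as the adjacent Bento4 entries (CVE-2022-41430 and CVE-2022-41429, both NOT-FOR-US) and should lose its "TODO: check" in favour of "NOT-FOR-US: xzs".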
@@ -5394,8 +5450,8 @@ CVE-2022-41222 (mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-fr
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2347
 	NOTE: https://git.kernel.org/linus/97113eb39fa7972722ff490b947d8af023e1f6a2 (5.14-rc1)
-CVE-2022-41139
-	RESERVED
+CVE-2022-41139 (MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gi ...)
+	TODO: check
 CVE-2022-41138 (In Zutty before 0.13, DECRQSS in text written to the terminal can achi ...)
 	- zutty 0.13.0.20220910.112547+dfsg1-1
 	NOTE: https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38 (0.13)
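Review bot: CVE-2022-41139 (stored XSS via app.contact.gist in MITRE CALDERA 4.1.0) should be triaged together with CVE-2022-40606 and CVE-2022-40605 further down in this same update, which also concern CALDERA; the framework is not packaged in Debian, so all three resolve to "NOT-FOR-US: MITRE CALDERA" rather than staying at "TODO: check". The Zutty context lines that follow (fixed in 0.13.0.20220910.112547+dfsg1-1, with the upstream commit recorded) are unaffected.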
@@ -6721,10 +6777,10 @@ CVE-2022-3183
 	RESERVED
 CVE-2022-3182 (Improper Access Control vulnerability in the Duo SMS two-factor of Dev ...)
 	NOT-FOR-US: Devolutions Remote Desktop Manager
-CVE-2022-40606
-	RESERVED
-CVE-2022-40605
-	RESERVED
+CVE-2022-40606 (MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Deb ...)
+	TODO: check
+CVE-2022-40605 (MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Deb ...)
+	TODO: check
 CVE-2022-40604 (In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily ...)
 	- airflow <itp> (bug #819700)
 CVE-2022-40603
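Review bot: CVE-2022-40606 and CVE-2022-40605 carry word-for-word identical truncated descriptions ("MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Deb ..."), so when closing the two "TODO: check" lines it is worth confirming from the full CVE text whether they are two distinct issues or a duplicate assignment; either way the outcome for Debian is "NOT-FOR-US: MITRE CALDERA", the same as for CVE-2022-41139 earlier in this diff. The neighbouring Apache Airflow entry, "airflow <itp> (bug #819700)", is context and unchanged.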
@@ -7665,8 +7721,8 @@ CVE-2022-3160
 	RESERVED
 CVE-2022-3159
 	RESERVED
-CVE-2022-3158
-	RESERVED
+CVE-2022-3158 (Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, ...)
+	TODO: check
 CVE-2022-3157
 	RESERVED
 CVE-2022-3156
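Review bot: CVE-2022-3158 names Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20 and later; a second CVE for the same product, CVE-2022-38743, appears later in this update, and the already-triaged CVE-2022-38742 (ThinManager ThinServer) next to it is marked "NOT-FOR-US: Rockwell Automation". Both new FactoryTalk entries should be given that same marker instead of "TODO: check".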
@@ -10275,14 +10331,14 @@ CVE-2022-39060
 	RESERVED
 CVE-2022-39059
 	RESERVED
-CVE-2022-39058
-	RESERVED
-CVE-2022-39057
-	RESERVED
-CVE-2022-39056
-	RESERVED
-CVE-2022-39055
-	RESERVED
+CVE-2022-39058 (RAVA certification validation system has a path traversal vulnerabilit ...)
+	TODO: check
+CVE-2022-39057 (RAVA certificate validation system has insufficient filtering for spec ...)
+	TODO: check
+CVE-2022-39056 (RAVA certificate validation system has insufficient validation for use ...)
+	TODO: check
+CVE-2022-39055 (RAVA certificate validation system has inadequate filtering for URL pa ...)
+	TODO: check
 CVE-2022-39054 (Cowell enterprise travel management system has insufficient filtering  ...)
 	NOT-FOR-US: Cowell enterprise travel management system
 CVE-2022-39053 (Heimavista Rpage has insufficient filtering for platform web URL. An u ...)
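Review bot: the four RAVA entries (CVE-2022-39058 to CVE-2022-39055, path traversal plus three input-filtering issues in the RAVA certificate validation system) are from the same source as the adjacent Cowell and Heimavista advisories, both of which are already NOT-FOR-US; resolve the four "TODO: check" lines the same way with "NOT-FOR-US: RAVA certificate validation system". The spelling difference between "certification validation" in CVE-2022-39058 and "certificate validation" in the other three is in the upstream descriptions and should not be hand-edited here.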
@@ -11245,8 +11301,8 @@ CVE-2020-36602 (There is an out-of-bounds read and write vulnerability in some h
 	NOT-FOR-US: Huawei
 CVE-2022-38744
 	RESERVED
-CVE-2022-38743
-	RESERVED
+CVE-2022-38743 (Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, ...)
+	TODO: check
 CVE-2022-38742 (Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2022-38741
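Review bot: CVE-2022-38743 should not stay at "TODO: check": it is the same FactoryTalk VantagePoint product line as CVE-2022-3158 earlier in this diff, and the entry directly below it, CVE-2022-38742, already shows the intended form, "NOT-FOR-US: Rockwell Automation". Triage both FactoryTalk CVEs identically so the file does not end up with one TODO and one NOT-FOR-US for the same advisory.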
@@ -61803,104 +61859,73 @@ CVE-2022-22253 (The DFX module has a vulnerability of improper validation of int
 	NOT-FOR-US: Harmony OS
 CVE-2022-22252 (The DFX module has a UAF vulnerability.Successful exploitation of this ...)
 	NOT-FOR-US: HarmonyOS
-CVE-2022-22251
-	RESERVED
+CVE-2022-22251 (On cSRX Series devices software permission issues in the container fil ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22250
-	RESERVED
+CVE-2022-22250 (An Improper Control of a Resource Through its Lifetime vulnerability i ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22249
-	RESERVED
+CVE-2022-22249 (An Improper Control of a Resource Through its Lifetime vulnerability i ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22248
-	RESERVED
+CVE-2022-22248 (An Incorrect Permission Assignment vulnerability in shell processing o ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22247
-	RESERVED
+CVE-2022-22247 (An Improper Input Validation vulnerability in ingress TCP segment proc ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22246
-	RESERVED
+CVE-2022-22246 (A PHP Local File Inclusion (LFI) vulnerability in the J-Web component  ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22245
-	RESERVED
+CVE-2022-22245 (A Path Traversal vulnerability in the J-Web component of Juniper Netwo ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22244
-	RESERVED
+CVE-2022-22244 (An XPath Injection vulnerability in the J-Web component of Juniper Net ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22243
-	RESERVED
+CVE-2022-22243 (An XPath Injection vulnerability due to Improper Input Validation in t ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22242
-	RESERVED
+CVE-2022-22242 (A Cross-site Scripting (XSS) vulnerability in the J-Web component of J ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22241
-	RESERVED
+CVE-2022-22241 (An Improper Input Validation vulnerability in the J-Web component of J ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22240
-	RESERVED
+CVE-2022-22240 (An Allocation of Resources Without Limits or Throttling and a Missing  ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22239
-	RESERVED
+CVE-2022-22239 (An Execution with Unnecessary Privileges vulnerability in Management D ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22238
-	RESERVED
+CVE-2022-22238 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22237
-	RESERVED
+CVE-2022-22237 (An Improper Authentication vulnerability in the kernel of Juniper Netw ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22236
-	RESERVED
+CVE-2022-22236 (An Access of Uninitialized Pointer vulnerability in SIP Application La ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22235
-	RESERVED
+CVE-2022-22235 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22234
-	RESERVED
+CVE-2022-22234 (An Improper Preservation of Consistency Between Independent Representa ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22233
-	RESERVED
+CVE-2022-22233 (An Unchecked Return Value to NULL Pointer Dereference vulnerability in ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22232
-	RESERVED
+CVE-2022-22232 (A NULL Pointer Dereference vulnerability in the Packet Forwarding Engi ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22231
-	RESERVED
+CVE-2022-22231 (An Unchecked Return Value to NULL Pointer Dereference vulnerability in ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22230
-	RESERVED
+CVE-2022-22230 (An Improper Input Validation vulnerability in the Routing Protocol Dae ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22229
-	RESERVED
+CVE-2022-22229 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22228
-	RESERVED
+CVE-2022-22228 (An Improper Validation of Specified Type of Input vulnerability in the ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22227
-	RESERVED
+CVE-2022-22227 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22226
-	RESERVED
+CVE-2022-22226 (In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Unc ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22225
-	RESERVED
+CVE-2022-22225 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in t ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22224
-	RESERVED
+CVE-2022-22224 (An Improper Check or Handling of Exceptional Conditions vulnerability  ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22223
-	RESERVED
+CVE-2022-22223 (On QFX10000 Series devices using Juniper Networks Junos OS when config ...)
 	NOT-FOR-US: Juniper
 CVE-2022-22222
 	RESERVED
 CVE-2022-22221 (An Improper Neutralization of Special Elements vulnerability in the do ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22220
-	RESERVED
+CVE-2022-22220 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in R ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22219
-	RESERVED
-CVE-2022-22218
-	RESERVED
+CVE-2022-22219 (Due to the Improper Handling of an Unexpected Data Type in the process ...)
+	TODO: check
+CVE-2022-22218 (On SRX Series devices, an Improper Check for Unusual or Exceptional Co ...)
 	NOT-FOR-US: Juniper
 CVE-2022-22217 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
 	NOT-FOR-US: Juniper
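Review bot: CVE-2022-22219 is the one inconsistency in this Juniper batch: every other entry that gained a description here (CVE-2022-22251 down to CVE-2022-22223, CVE-2022-22220 and CVE-2022-22218) already had a "NOT-FOR-US: Juniper" context line beneath it, so the automatic update only filled in text, whereas CVE-2022-22219 had no prior triage and is now left at "TODO: check". Its description ("Due to the Improper Handling of an Unexpected Data Type in the process ...") sits in the middle of the Junos advisory range, so the reviewer should confirm it is also a Juniper issue and add the matching "NOT-FOR-US: Juniper". CVE-2022-22222 is still RESERVED in the same block and needs no action yet. The hunk header (104 lines to 73) is consistent with 31 RESERVED lines dropped and one TODO line added.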
@@ -61914,15 +61939,13 @@ CVE-2022-22213 (A vulnerability in Handling of Undefined Values in the routing p
 	NOT-FOR-US: Juniper
 CVE-2022-22212 (An Allocation of Resources Without Limits or Throttling vulnerability  ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22211
-	RESERVED
+CVE-2022-22211 (A limitless resource allocation vulnerability in FPC resources of Juni ...)
 	NOT-FOR-US: Juniper
 CVE-2022-22210 (A NULL Pointer Dereference vulnerability in the Packet Forwarding Engi ...)
 	NOT-FOR-US: Juniper
 CVE-2022-22209 (A Missing Release of Memory after Effective Lifetime vulnerability in  ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22208
-	RESERVED
+CVE-2022-22208 (A Use After Free vulnerability in the Routing Protocol Daemon (rdp) of ...)
 	NOT-FOR-US: Juniper
 CVE-2022-22207 (A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT ...)
 	NOT-FOR-US: Juniper
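Review bot: both entries here (CVE-2022-22211, CVE-2022-22208) already had "NOT-FOR-US: Juniper" as context, so only descriptions were added. The "(rdp)" in the CVE-2022-22208 text is Juniper's own typo for the Routing Protocol Daemon (rpd), as the CVE-2022-22210 and CVE-2022-22207 lines around it show; leave it alone, since these descriptions are imported verbatim by the automatic update and any local correction would just be overwritten.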
@@ -61936,8 +61959,7 @@ CVE-2022-22203 (An Incorrect Comparison vulnerability in PFE of Juniper Networks
 	NOT-FOR-US: Juniper
 CVE-2022-22202 (An Improper Handling of Exceptional Conditions vulnerability on specif ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22201
-	RESERVED
+CVE-2022-22201 (An Improper Validation of Specified Index, Position, or Offset in Inpu ...)
 	NOT-FOR-US: Juniper
 CVE-2022-22200
 	RESERVED
@@ -61956,8 +61978,7 @@ CVE-2022-22194 (An Improper Check for Unusual or Exceptional Conditions vulnerab
 	NOT-FOR-US: Juniper
 CVE-2022-22193 (An Improper Handling of Unexpected Data Type vulnerability in the Rout ...)
 	NOT-FOR-US: Juniper
-CVE-2022-22192
-	RESERVED
+CVE-2022-22192 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
 	NOT-FOR-US: Juniper
 CVE-2022-22191 (A Denial of Service (DoS) vulnerability in the processing of a flood o ...)
 	NOT-FOR-US: Juniper
@@ -69447,7 +69468,7 @@ CVE-2021-43617 (Laravel Framework through 8.70.2 does not sufficiently block the
 	NOTE: https://hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b
 CVE-2021-3957 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: kimai2
-CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ...)
+CVE-2021-43616 (** DISPUTED ** The npm ci command in npm 7.x and 8.x through 8.1.3 pro ...)
 	- npm 8.4.1~ds-1
 	[bullseye] - npm <no-dsa> (Minor issue)
 	[buster] - npm <no-dsa> (Minor issue)
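Review bot: the description of CVE-2021-43616 now begins with "** DISPUTED **", but the Debian triage below it (fixed in npm 8.4.1~ds-1, no-dsa for bullseye and buster as a minor issue) was written before the dispute and has no NOTE explaining it. The existing markers are still defensible, but a NOTE line recording why the issue is disputed would save the next person re-checking the npm ci package-lock behaviour from scratch; if the dispute is accepted, the no-dsa lines could also be revisited.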
@@ -190804,14 +190825,14 @@ CVE-2020-8978
 	RESERVED
 CVE-2020-8977
 	RESERVED
-CVE-2020-8976
-	RESERVED
-CVE-2020-8975
-	RESERVED
-CVE-2020-8974
-	RESERVED
-CVE-2020-8973
-	RESERVED
+CVE-2020-8976 (The integrated server of the ZGR TPS200 NG on its 2.00 firmware versio ...)
+	TODO: check
+CVE-2020-8975 (ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version,  ...)
+	TODO: check
+CVE-2020-8974 (In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the  ...)
+	TODO: check
+CVE-2020-8973 (ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version,  ...)
+	TODO: check
 CVE-2020-8972
 	RESERVED
 CVE-2020-8971
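Review bot: CVE-2020-8976 to CVE-2020-8973 all describe the ZGR TPS200 NG on its 2.00 firmware and 1.01 hardware version, an embedded device whose firmware is not shipped by Debian; the four "TODO: check" lines should become "NOT-FOR-US: ZGR TPS200 NG". The 2020 identifiers being published only now is why this hunk lands so deep in the file (around line 190800), which is expected and not a sorting problem.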



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3378fd9d1956d1b0cc09e4a5bcd83c915a238528
