[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 18 09:10:24 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3378fd9d by security tracker role at 2022-10-18T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-43395
+ RESERVED
+CVE-2022-43394
+ RESERVED
+CVE-2022-43393
+ RESERVED
+CVE-2022-43392
+ RESERVED
+CVE-2022-43391
+ RESERVED
+CVE-2022-43390
+ RESERVED
+CVE-2022-43389
+ RESERVED
+CVE-2022-43388
+ RESERVED
+CVE-2022-43387
+ RESERVED
+CVE-2022-43386
+ RESERVED
+CVE-2022-43385
+ RESERVED
+CVE-2022-43384
+ RESERVED
+CVE-2022-43383
+ RESERVED
+CVE-2022-43382
+ RESERVED
+CVE-2022-43381
+ RESERVED
+CVE-2022-43380
+ RESERVED
+CVE-2022-43379
+ RESERVED
+CVE-2022-42496
+ RESERVED
+CVE-2022-41777
+ RESERVED
+CVE-2022-41642
+ RESERVED
+CVE-2022-3575
+ RESERVED
+CVE-2022-3574
+ RESERVED
+CVE-2022-3573
+ RESERVED
+CVE-2022-3572
+ RESERVED
+CVE-2022-3571
+ RESERVED
+CVE-2022-3570
+ RESERVED
+CVE-2022-3569 (Due to an issue with incorrect sudo permissions, Zimbra Collaboration ...)
+ TODO: check
+CVE-2022-3568
+ RESERVED
CVE-2022-43378
RESERVED
CVE-2022-43377
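Review bot: CVE-2022-3569 is the only entry in this batch that arrives with a description and a TODO: check rather than RESERVED; the description points at sudo permissions in Zimbra Collaboration, so the triage should settle on NOT-FOR-US if Zimbra is not a Debian source package, and the TODO should not be left open when the neighbouring RESERVED placeholders get filled in later.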
@@ -845,7 +901,7 @@ CVE-2022-3545 (A vulnerability has been found in Linux Kernel and classified as
CVE-2022-3544 (A vulnerability, which was classified as problematic, was found in Lin ...)
TODO: check
CVE-2022-3543 (A vulnerability, which was classified as problematic, has been found i ...)
- - linux <unfixed>
+ - linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7a62ed61367b8fd01bae1e18e30602c25060d824 (6.1-rc1)
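Review bot: the only change to CVE-2022-3543 is whitespace on the `- linux <unfixed>` line (the removed and added lines are otherwise identical), so this is an indentation fix and the entry's content, including the bullseye and buster not-affected markers and the 6.1-rc1 fix reference, is unchanged; CVE-2022-3544 in the same context still carries an open TODO: check.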
@@ -1052,13 +1108,13 @@ CVE-2022-42921
RESERVED
CVE-2022-42920
RESERVED
-CVE-2022-3517
- RESERVED
+CVE-2022-3517 (A vulnerability was found in the minimatch package. This flaw allows a ...)
+ TODO: check
CVE-2022-3516
RESERVED
CVE-2022-3515
RESERVED
- {DSA-5255-1}
+ {DSA-5255-1 DLA-3153-1}
- libksba 1.6.2-1 (bug #1021928)
NOTE: https://gnupg.org/blog/20221017-pepe-left-the-ksba.html
NOTE: https://dev.gnupg.org/T6230
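Review bot: two unrelated edits share this hunk: CVE-2022-3517 gains its minimatch description with a TODO: check that should be resolved against the Debian source package for minimatch, and the libksba entry (CVE-2022-3515, fixed in 1.6.2-1, bug #1021928) gains `{DSA-5255-1 DLA-3153-1}`, recording the LTS advisory alongside the DSA; the second part is consistent with the two NOTE references already present.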
@@ -2210,8 +2266,8 @@ CVE-2022-3423 (Denial of Service in GitHub repository nocodb/nocodb prior to 0.9
NOT-FOR-US: nocodb
CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i can cr ...)
NOT-FOR-US: ToolJet
-CVE-2022-3421
- RESERVED
+CVE-2022-3421 (An attacker can pre-create the `/Applications/Google\ Drive.app/Conten ...)
+ TODO: check
CVE-2022-3420
RESERVED
CVE-2022-3419
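Review bot: the description added for CVE-2022-3421 refers to `/Applications/Google\ Drive.app/Conten...`, a macOS application path, so the TODO: check can likely be closed as NOT-FOR-US in the same way as the neighbouring nocodb and ToolJet entries rather than staying open.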
@@ -2908,22 +2964,22 @@ CVE-2022-42151
RESERVED
CVE-2022-42150
RESERVED
-CVE-2022-42149
- RESERVED
+CVE-2022-42149 (kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via ...)
+ TODO: check
CVE-2022-42148
RESERVED
-CVE-2022-42147
- RESERVED
+CVE-2022-42147 (kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via control ...)
+ TODO: check
CVE-2022-42146
RESERVED
CVE-2022-42145
RESERVED
CVE-2022-42144
RESERVED
-CVE-2022-42143
- RESERVED
-CVE-2022-42142
- RESERVED
+CVE-2022-42143 (Open Source SACCO Management System v1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2022-42142 (Online Tours & Travels Management System v1.0 is vulnerable to Arb ...)
+ TODO: check
CVE-2022-42141
RESERVED
CVE-2022-42140
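Review bot: all five entries that gain descriptions here (kkFileView 4.0 for CVE-2022-42149 and CVE-2022-42147, Open Source SACCO Management System for CVE-2022-42143, Online Tours & Travels Management System for CVE-2022-42142) name stand-alone web applications; the four TODO: check markers should be triaged together, and the `&` in the CVE-2022-42142 description is a literal from the MITRE text, not an encoding artifact to fix locally.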
@@ -3251,8 +3307,8 @@ CVE-2022-3384
RESERVED
CVE-2022-3383
RESERVED
-CVE-2022-3382
- RESERVED
+CVE-2022-3382 (HIWIN Robot System Software version 3.3.21.9869 does not properly addr ...)
+ TODO: check
CVE-2022-41983
RESERVED
CVE-2022-41976
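Review bot: CVE-2022-3382 names HIWIN Robot System Software 3.3.21.9869, vendor software for industrial robots; the TODO: check is appropriate as a placeholder but should be resolved promptly to NOT-FOR-US if no Debian package is affected.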
@@ -3574,8 +3630,8 @@ CVE-2022-3370
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3369
RESERVED
-CVE-2022-3368
- RESERVED
+CVE-2022-3368 (A vulnerability within the Software Updater functionality of Avira Sec ...)
+ TODO: check
CVE-2021-46844
RESERVED
CVE-2021-46843
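Review bot: CVE-2022-3368 concerns the Software Updater of Avira Security, a proprietary product; as with the other vendor-only entries in this update the TODO: check is a triage placeholder and should not linger.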
@@ -4653,8 +4709,8 @@ CVE-2022-41433
RESERVED
CVE-2022-41432
RESERVED
-CVE-2022-41431
- RESERVED
+CVE-2022-41431 (xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vuln ...)
+ TODO: check
CVE-2022-41430 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
NOT-FOR-US: Bento4
CVE-2022-41429 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
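Review bot: CVE-2022-41431 (xzs v3.8.0, stored XSS) gets TODO: check while the adjacent Bento4 entries are already NOT-FOR-US; if xzs is not packaged, the marker should be converted to NOT-FOR-US so the TODO list does not accumulate entries that need no Debian action.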
@@ -5394,8 +5450,8 @@ CVE-2022-41222 (mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-fr
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2347
NOTE: https://git.kernel.org/linus/97113eb39fa7972722ff490b947d8af023e1f6a2 (5.14-rc1)
-CVE-2022-41139
- RESERVED
+CVE-2022-41139 (MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gi ...)
+ TODO: check
CVE-2022-41138 (In Zutty before 0.13, DECRQSS in text written to the terminal can achi ...)
- zutty 0.13.0.20220910.112547+dfsg1-1
NOTE: https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38 (0.13)
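Review bot: CVE-2022-41139 (MITRE CALDERA 4.1.0, stored XSS) should be triaged together with CVE-2022-40606 and CVE-2022-40605, which appear further down in this same update for CALDERA before 4.1.0, so that all three CALDERA entries end up with the same package state.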
@@ -6721,10 +6777,10 @@ CVE-2022-3183
RESERVED
CVE-2022-3182 (Improper Access Control vulnerability in the Duo SMS two-factor of Dev ...)
NOT-FOR-US: Devolutions Remote Desktop Manager
-CVE-2022-40606
- RESERVED
-CVE-2022-40605
- RESERVED
+CVE-2022-40606 (MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Deb ...)
+ TODO: check
+CVE-2022-40605 (MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Deb ...)
+ TODO: check
CVE-2022-40604 (In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily ...)
- airflow <itp> (bug #819700)
CVE-2022-40603
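Review bot: the descriptions added for CVE-2022-40606 and CVE-2022-40605 are identical as far as they are shown ("MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Deb..."), so the triage should confirm the two ids are distinct issues rather than a duplicate assignment before marking both; the airflow `<itp>` (bug #819700) line in context is unchanged.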
@@ -7665,8 +7721,8 @@ CVE-2022-3160
RESERVED
CVE-2022-3159
RESERVED
-CVE-2022-3158
- RESERVED
+CVE-2022-3158 (Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, ...)
+ TODO: check
CVE-2022-3157
RESERVED
CVE-2022-3156
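Review bot: CVE-2022-3158 (Rockwell Automation FactoryTalk VantagePoint 8.0, 8.10, 8.20, ...) matches the product named in CVE-2022-38743 later in this update; both should be resolved the same way, presumably NOT-FOR-US: Rockwell Automation as already used for CVE-2022-38742.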
@@ -10275,14 +10331,14 @@ CVE-2022-39060
RESERVED
CVE-2022-39059
RESERVED
-CVE-2022-39058
- RESERVED
-CVE-2022-39057
- RESERVED
-CVE-2022-39056
- RESERVED
-CVE-2022-39055
- RESERVED
+CVE-2022-39058 (RAVA certification validation system has a path traversal vulnerabilit ...)
+ TODO: check
+CVE-2022-39057 (RAVA certificate validation system has insufficient filtering for spec ...)
+ TODO: check
+CVE-2022-39056 (RAVA certificate validation system has insufficient validation for use ...)
+ TODO: check
+CVE-2022-39055 (RAVA certificate validation system has inadequate filtering for URL pa ...)
+ TODO: check
CVE-2022-39054 (Cowell enterprise travel management system has insufficient filtering ...)
NOT-FOR-US: Cowell enterprise travel management system
CVE-2022-39053 (Heimavista Rpage has insufficient filtering for platform web URL. An u ...)
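Review bot: the four RAVA certificate validation system entries (CVE-2022-39058 through CVE-2022-39055) sit next to Cowell and Heimavista entries already marked NOT-FOR-US; the spelling "certification validation system" in CVE-2022-39058 versus "certificate validation system" in the other three is upstream MITRE wording and not something to normalise in the tracker, but the four TODO: check markers should be cleared as one group.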
@@ -11245,8 +11301,8 @@ CVE-2020-36602 (There is an out-of-bounds read and write vulnerability in some h
NOT-FOR-US: Huawei
CVE-2022-38744
RESERVED
-CVE-2022-38743
- RESERVED
+CVE-2022-38743 (Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, ...)
+ TODO: check
CVE-2022-38742 (Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is ...)
NOT-FOR-US: Rockwell Automation
CVE-2022-38741
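Review bot: CVE-2022-38743 shares its product (Rockwell Automation FactoryTalk VantagePoint) with CVE-2022-3158 above and sits directly next to CVE-2022-38742, which is already NOT-FOR-US: Rockwell Automation; the TODO: check should be replaced with the same marker unless a Debian package turns out to be involved.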
@@ -61803,104 +61859,73 @@ CVE-2022-22253 (The DFX module has a vulnerability of improper validation of int
NOT-FOR-US: Harmony OS
CVE-2022-22252 (The DFX module has a UAF vulnerability.Successful exploitation of this ...)
NOT-FOR-US: HarmonyOS
-CVE-2022-22251
- RESERVED
+CVE-2022-22251 (On cSRX Series devices software permission issues in the container fil ...)
NOT-FOR-US: Juniper
-CVE-2022-22250
- RESERVED
+CVE-2022-22250 (An Improper Control of a Resource Through its Lifetime vulnerability i ...)
NOT-FOR-US: Juniper
-CVE-2022-22249
- RESERVED
+CVE-2022-22249 (An Improper Control of a Resource Through its Lifetime vulnerability i ...)
NOT-FOR-US: Juniper
-CVE-2022-22248
- RESERVED
+CVE-2022-22248 (An Incorrect Permission Assignment vulnerability in shell processing o ...)
NOT-FOR-US: Juniper
-CVE-2022-22247
- RESERVED
+CVE-2022-22247 (An Improper Input Validation vulnerability in ingress TCP segment proc ...)
NOT-FOR-US: Juniper
-CVE-2022-22246
- RESERVED
+CVE-2022-22246 (A PHP Local File Inclusion (LFI) vulnerability in the J-Web component ...)
NOT-FOR-US: Juniper
-CVE-2022-22245
- RESERVED
+CVE-2022-22245 (A Path Traversal vulnerability in the J-Web component of Juniper Netwo ...)
NOT-FOR-US: Juniper
-CVE-2022-22244
- RESERVED
+CVE-2022-22244 (An XPath Injection vulnerability in the J-Web component of Juniper Net ...)
NOT-FOR-US: Juniper
-CVE-2022-22243
- RESERVED
+CVE-2022-22243 (An XPath Injection vulnerability due to Improper Input Validation in t ...)
NOT-FOR-US: Juniper
-CVE-2022-22242
- RESERVED
+CVE-2022-22242 (A Cross-site Scripting (XSS) vulnerability in the J-Web component of J ...)
NOT-FOR-US: Juniper
-CVE-2022-22241
- RESERVED
+CVE-2022-22241 (An Improper Input Validation vulnerability in the J-Web component of J ...)
NOT-FOR-US: Juniper
-CVE-2022-22240
- RESERVED
+CVE-2022-22240 (An Allocation of Resources Without Limits or Throttling and a Missing ...)
NOT-FOR-US: Juniper
-CVE-2022-22239
- RESERVED
+CVE-2022-22239 (An Execution with Unnecessary Privileges vulnerability in Management D ...)
NOT-FOR-US: Juniper
-CVE-2022-22238
- RESERVED
+CVE-2022-22238 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2022-22237
- RESERVED
+CVE-2022-22237 (An Improper Authentication vulnerability in the kernel of Juniper Netw ...)
NOT-FOR-US: Juniper
-CVE-2022-22236
- RESERVED
+CVE-2022-22236 (An Access of Uninitialized Pointer vulnerability in SIP Application La ...)
NOT-FOR-US: Juniper
-CVE-2022-22235
- RESERVED
+CVE-2022-22235 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2022-22234
- RESERVED
+CVE-2022-22234 (An Improper Preservation of Consistency Between Independent Representa ...)
NOT-FOR-US: Juniper
-CVE-2022-22233
- RESERVED
+CVE-2022-22233 (An Unchecked Return Value to NULL Pointer Dereference vulnerability in ...)
NOT-FOR-US: Juniper
-CVE-2022-22232
- RESERVED
+CVE-2022-22232 (A NULL Pointer Dereference vulnerability in the Packet Forwarding Engi ...)
NOT-FOR-US: Juniper
-CVE-2022-22231
- RESERVED
+CVE-2022-22231 (An Unchecked Return Value to NULL Pointer Dereference vulnerability in ...)
NOT-FOR-US: Juniper
-CVE-2022-22230
- RESERVED
+CVE-2022-22230 (An Improper Input Validation vulnerability in the Routing Protocol Dae ...)
NOT-FOR-US: Juniper
-CVE-2022-22229
- RESERVED
+CVE-2022-22229 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
NOT-FOR-US: Juniper
-CVE-2022-22228
- RESERVED
+CVE-2022-22228 (An Improper Validation of Specified Type of Input vulnerability in the ...)
NOT-FOR-US: Juniper
-CVE-2022-22227
- RESERVED
+CVE-2022-22227 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2022-22226
- RESERVED
+CVE-2022-22226 (In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Unc ...)
NOT-FOR-US: Juniper
-CVE-2022-22225
- RESERVED
+CVE-2022-22225 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in t ...)
NOT-FOR-US: Juniper
-CVE-2022-22224
- RESERVED
+CVE-2022-22224 (An Improper Check or Handling of Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2022-22223
- RESERVED
+CVE-2022-22223 (On QFX10000 Series devices using Juniper Networks Junos OS when config ...)
NOT-FOR-US: Juniper
CVE-2022-22222
RESERVED
CVE-2022-22221 (An Improper Neutralization of Special Elements vulnerability in the do ...)
NOT-FOR-US: Juniper
-CVE-2022-22220
- RESERVED
+CVE-2022-22220 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in R ...)
NOT-FOR-US: Juniper
-CVE-2022-22219
- RESERVED
-CVE-2022-22218
- RESERVED
+CVE-2022-22219 (Due to the Improper Handling of an Unexpected Data Type in the process ...)
+ TODO: check
+CVE-2022-22218 (On SRX Series devices, an Improper Check for Unusual or Exceptional Co ...)
NOT-FOR-US: Juniper
CVE-2022-22217 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
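Review bot: in this large Juniper batch every filled-in entry keeps its existing NOT-FOR-US: Juniper line except CVE-2022-22219, which had no such line before and now receives TODO: check; given that the surrounding CVE-2022-22223 to CVE-2022-22218 range is entirely Juniper Junos advisories, that TODO very likely resolves to NOT-FOR-US: Juniper as well and should be confirmed. CVE-2022-22222 remains RESERVED in the middle of the range and may need the same treatment once its description is published.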
@@ -61914,15 +61939,13 @@ CVE-2022-22213 (A vulnerability in Handling of Undefined Values in the routing p
NOT-FOR-US: Juniper
CVE-2022-22212 (An Allocation of Resources Without Limits or Throttling vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2022-22211
- RESERVED
+CVE-2022-22211 (A limitless resource allocation vulnerability in FPC resources of Juni ...)
NOT-FOR-US: Juniper
CVE-2022-22210 (A NULL Pointer Dereference vulnerability in the Packet Forwarding Engi ...)
NOT-FOR-US: Juniper
CVE-2022-22209 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
NOT-FOR-US: Juniper
-CVE-2022-22208
- RESERVED
+CVE-2022-22208 (A Use After Free vulnerability in the Routing Protocol Daemon (rdp) of ...)
NOT-FOR-US: Juniper
CVE-2022-22207 (A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT ...)
NOT-FOR-US: Juniper
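Review bot: the description added for CVE-2022-22208 reads "Routing Protocol Daemon (rdp)" where the Junos daemon is conventionally abbreviated rpd; this is the upstream MITRE text copied verbatim by the automatic update and should not be edited locally, but it is worth being aware of when searching the tracker for rpd issues.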
@@ -61936,8 +61959,7 @@ CVE-2022-22203 (An Incorrect Comparison vulnerability in PFE of Juniper Networks
NOT-FOR-US: Juniper
CVE-2022-22202 (An Improper Handling of Exceptional Conditions vulnerability on specif ...)
NOT-FOR-US: Juniper
-CVE-2022-22201
- RESERVED
+CVE-2022-22201 (An Improper Validation of Specified Index, Position, or Offset in Inpu ...)
NOT-FOR-US: Juniper
CVE-2022-22200
RESERVED
@@ -61956,8 +61978,7 @@ CVE-2022-22194 (An Improper Check for Unusual or Exceptional Conditions vulnerab
NOT-FOR-US: Juniper
CVE-2022-22193 (An Improper Handling of Unexpected Data Type vulnerability in the Rout ...)
NOT-FOR-US: Juniper
-CVE-2022-22192
- RESERVED
+CVE-2022-22192 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
NOT-FOR-US: Juniper
CVE-2022-22191 (A Denial of Service (DoS) vulnerability in the processing of a flood o ...)
NOT-FOR-US: Juniper
@@ -69447,7 +69468,7 @@ CVE-2021-43617 (Laravel Framework through 8.70.2 does not sufficiently block the
NOTE: https://hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b
CVE-2021-3957 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: kimai2
-CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ...)
+CVE-2021-43616 (** DISPUTED ** The npm ci command in npm 7.x and 8.x through 8.1.3 pro ...)
- npm 8.4.1~ds-1
[bullseye] - npm <no-dsa> (Minor issue)
[buster] - npm <no-dsa> (Minor issue)
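Review bot: CVE-2021-43616 now carries the upstream `** DISPUTED **` prefix; the entry already records a fix in npm 8.4.1~ds-1 and no-dsa (Minor issue) for bullseye and buster, so no package state needs to change, but a NOTE recording the disputed status and the reason would help anyone re-triaging the entry later.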
@@ -190804,14 +190825,14 @@ CVE-2020-8978
RESERVED
CVE-2020-8977
RESERVED
-CVE-2020-8976
- RESERVED
-CVE-2020-8975
- RESERVED
-CVE-2020-8974
- RESERVED
-CVE-2020-8973
- RESERVED
+CVE-2020-8976 (The integrated server of the ZGR TPS200 NG on its 2.00 firmware versio ...)
+ TODO: check
+CVE-2020-8975 (ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, ...)
+ TODO: check
+CVE-2020-8974 (In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the ...)
+ TODO: check
+CVE-2020-8973 (ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, ...)
+ TODO: check
CVE-2020-8972
RESERVED
CVE-2020-8971
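Review bot: the four ZGR TPS200 NG entries (CVE-2020-8976 through CVE-2020-8973, firmware 2.00 / hardware 1.01) describe a single embedded device; the TODO: check markers should be triaged together, and since these are 2020 ids published only now, they should not be mistaken for new Debian exposure.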
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3378fd9d1956d1b0cc09e4a5bcd83c915a238528