[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 18 21:10:28 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
421f887d by security tracker role at 2022-10-18T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2022-43399
+ RESERVED
+CVE-2022-43398
+ RESERVED
+CVE-2022-43397
+ RESERVED
+CVE-2022-43396
+ RESERVED
+CVE-2022-3591
+ RESERVED
+CVE-2022-3590
+ RESERVED
+CVE-2022-3589
+ RESERVED
+CVE-2022-3588
+ RESERVED
+CVE-2022-3587 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
+ TODO: check
+CVE-2022-3586
+ RESERVED
+CVE-2022-3585 (A vulnerability classified as problematic has been found in SourceCode ...)
+ TODO: check
+CVE-2022-3584 (A vulnerability was found in SourceCodester Canteen Management System ...)
+ TODO: check
+CVE-2022-3583 (A vulnerability was found in SourceCodester Canteen Management System ...)
+ TODO: check
+CVE-2022-3582 (A vulnerability has been found in SourceCodester Simple Cold Storage M ...)
+ TODO: check
+CVE-2022-3581 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ TODO: check
+CVE-2022-3580 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2022-3579 (A vulnerability classified as critical was found in SourceCodester Cas ...)
+ TODO: check
+CVE-2022-3578
+ RESERVED
+CVE-2022-3577
+ RESERVED
+CVE-2022-3576
+ RESERVED
CVE-2022-43395
RESERVED
CVE-2022-43394
@@ -290,10 +330,10 @@ CVE-2022-43262
RESERVED
CVE-2022-43261
RESERVED
-CVE-2022-43260
- RESERVED
-CVE-2022-43259
- RESERVED
+CVE-2022-43260 (Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overfl ...)
+ TODO: check
+CVE-2022-43259 (Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via ...)
+ TODO: check
CVE-2022-43258
RESERVED
CVE-2022-43257
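Review bot: CVE-2022-43260 and CVE-2022-43259 (Tenda AC18/AC15 stack overflows) are left at "TODO: check" even though the existing Tenda entries further down in this same file (CVE-2022-41481 and CVE-2022-41480) already carry "NOT-FOR-US: Tenda". The automatic update is right to leave triage to a human, so the follow-up for these two lines is to replace "TODO: check" with "NOT-FOR-US: Tenda" unless something about these particular reports changes that assessment.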
@@ -1696,24 +1736,28 @@ CVE-2022-42724 (app/Controller/UsersController.php in MISP before 2.4.164 allows
CVE-2022-42723
RESERVED
CVE-2022-42722 (In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers ...)
+ {DSA-5257-1}
- linux 6.0.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
NOTE: https://github.com/PurpleVsGreen/beacown
CVE-2022-42721 (A list management bug in BSS handling in the mac80211 stack in the Lin ...)
+ {DSA-5257-1}
- linux 6.0.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
NOTE: https://github.com/PurpleVsGreen/beacown
CVE-2022-42720 (Various refcounting bugs in the multi-BSS handling in the mac80211 sta ...)
+ {DSA-5257-1}
- linux 6.0.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
NOTE: https://github.com/PurpleVsGreen/beacown
CVE-2022-42719 (A use-after-free in the mac80211 stack when parsing a multi-BSSID elem ...)
+ {DSA-5257-1}
- linux 6.0.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
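Review bot: none of the four mac80211 entries in this hunk (CVE-2022-42722 down to CVE-2022-42719) gets a "[bullseye]" line alongside the new "{DSA-5257-1}" reference, so the bullseye fixed version has to come from the DSA-5257-1 record in data/DSA/list, which is not part of this diff. Confirm that record lists all four CVEs; if one is missing, the tracker has only "linux 6.0.2-1" to go on and would report bullseye as open for it. The unchanged "[buster] - linux <not-affected> (Vulnerable code not present)" lines are consistent with a DSA that covers bullseye only.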
@@ -2861,8 +2905,8 @@ CVE-2022-42204
RESERVED
CVE-2022-42203
RESERVED
-CVE-2022-42202
- RESERVED
+CVE-2022-42202 (TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to ...)
+ TODO: check
CVE-2022-42201
RESERVED
CVE-2022-42200
@@ -4045,6 +4089,7 @@ CVE-2022-41676
CVE-2022-41675
RESERVED
CVE-2022-41674 (An issue was discovered in the Linux kernel before 5.19.16. Attackers ...)
+ {DSA-5257-1}
- linux 6.0.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
@@ -4271,10 +4316,10 @@ CVE-2022-3341
RESERVED
CVE-2022-3340
RESERVED
-CVE-2022-3339
- RESERVED
-CVE-2022-3338
- RESERVED
+CVE-2022-3339 (A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5 ...)
+ TODO: check
+CVE-2022-3338 (An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update ...)
+ TODO: check
CVE-2022-3337
RESERVED
CVE-2022-3336
@@ -4456,6 +4501,7 @@ CVE-2022-3304
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3303 (A race condition flaw was found in the Linux kernel sound subsystem du ...)
+ {DSA-5257-1}
- linux 5.19.11-1
NOTE: https://git.kernel.org/linus/8423f0b6d513b259fdab9c9bf4aaa6188d054c2d (6.0-rc5)
CVE-2022-3302
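Review bot: CVE-2022-3303 gains "{DSA-5257-1}" with "linux 5.19.11-1" as the sid fix, but unlike the mac80211 entries elsewhere in this update it has no "[buster]" line, so buster's status for this sound-subsystem race is left implicit. Add either "[buster] - linux <not-affected> (...)" or a "<no-dsa>"/DLA reference once checked; the "(6.0-rc5)" commit in the NOTE line is the starting point for that check.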
@@ -4480,28 +4526,28 @@ CVE-2022-41549
RESERVED
CVE-2022-41548
RESERVED
-CVE-2022-41547
- RESERVED
+CVE-2022-41547 (Mobile Security Framework (MobSF) v0.9.2 and below was discovered to c ...)
+ TODO: check
CVE-2022-41546
RESERVED
CVE-2022-41545
RESERVED
-CVE-2022-41544
- RESERVED
+CVE-2022-41544 (GetSimple CMS v3.3.16 was discovered to contain a remote code executio ...)
+ TODO: check
CVE-2022-41543
RESERVED
CVE-2022-41542 (devhub 0.102.0 was discovered to contain a broken session control. ...)
TODO: check
-CVE-2022-41541
- RESERVED
-CVE-2022-41540
- RESERVED
+CVE-2022-41541 (TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack b ...)
+ TODO: check
+CVE-2022-41540 (The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptog ...)
+ TODO: check
CVE-2022-41539 (Wedding Planner v1.0 was discovered to contain an arbitrary file uploa ...)
NOT-FOR-US: Wedding Planner
CVE-2022-41538 (Wedding Planner v1.0 was discovered to contain an arbitrary file uploa ...)
NOT-FOR-US: Wedding Planner
-CVE-2022-41537
- RESERVED
+CVE-2022-41537 (Online Tours & Travels Management System v1.0 was discovered to co ...)
+ TODO: check
CVE-2022-41536 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41535 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
@@ -4566,8 +4612,8 @@ CVE-2022-41506
RESERVED
CVE-2022-41505
RESERVED
-CVE-2022-41504
- RESERVED
+CVE-2022-41504 (An arbitrary file upload vulnerability in the component /php_action/ed ...)
+ TODO: check
CVE-2022-41503
RESERVED
CVE-2022-41502
@@ -4616,8 +4662,8 @@ CVE-2022-41481 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discover
NOT-FOR-US: Tenda
CVE-2022-41480 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
NOT-FOR-US: Tenda
-CVE-2022-41479
- RESERVED
+CVE-2022-41479 (The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ...)
+ TODO: check
CVE-2022-41478
RESERVED
CVE-2022-41477 (A security issue was discovered in WeBid <=1.2.2. A Server-Side Req ...)
@@ -6023,8 +6069,8 @@ CVE-2022-40891
RESERVED
CVE-2022-40890 (A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlie ...)
NOT-FOR-US: Open5GS
-CVE-2022-40889
- RESERVED
+CVE-2022-40889 (Phpok 6.1 has a deserialization vulnerability via framework/phpok_call ...)
+ TODO: check
CVE-2022-40888
RESERVED
CVE-2022-40887 (SourceCodester Best Student Result Management System 1.0 is vulnerable ...)
@@ -6452,8 +6498,8 @@ CVE-2022-40705 (** UNSUPPORTED WHEN ASSIGNED ** An Improper Restriction of XML E
NOT-FOR-US: Apache SOAP
CVE-2022-40696
RESERVED
-CVE-2022-40684
- RESERVED
+CVE-2022-40684 (An authentication bypass using an alternate path or channel [CWE-288] ...)
+ TODO: check
CVE-2022-40683
RESERVED
CVE-2022-40682
@@ -7004,6 +7050,7 @@ CVE-2022-3178 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DE
CVE-2022-3177
RESERVED
CVE-2022-3176 (There exists a use-after-free in io_uring in the Linux kernel. Signalf ...)
+ {DSA-5257-1}
- linux 5.17.3-1
NOTE: https://kernel.dance/#fc78b2fc21f10c4c9c4d5d659a685710ffa63659
CVE-2022-3175 (Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior ...)
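Review bot: CVE-2022-3176 (io_uring use-after-free) now references "{DSA-5257-1}" with "linux 5.17.3-1" as the sid fix and no release-specific lines at all, so buster's status cannot be read from this entry. The other kernel entries touched in this update state it explicitly in the form "[buster] - linux <not-affected> (Vulnerable code not present)"; the same form should be added here once the 4.19 tree has been checked.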
@@ -7424,7 +7471,7 @@ CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel sound
NOTE: https://git.kernel.org/linus/6ab55ec0a938c7f943a4edba3d6514f775983887 (6.0-rc4)
NOTE: https://git.kernel.org/linus/5934d9a0383619c14df91af8fd76261dc3de2f5f (6.0-rc4)
CVE-2022-40307 (An issue was discovered in the Linux kernel through 5.19.8. drivers/fi ...)
- {DLA-3131-1}
+ {DSA-5257-1 DLA-3131-1}
- linux 5.19.11-1
NOTE: https://git.kernel.org/linus/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95
CVE-2022-40306 (The login form /Login in ECi Printanista Hub (formerly FMAudit Printsc ...)
@@ -8519,7 +8566,7 @@ CVE-2022-3121 (A vulnerability was found in SourceCodester Online Employee Leave
CVE-2022-39843 (123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for U ...)
NOT-FOR-US: Lotus 1-2-3
CVE-2022-39842 (An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu ...)
- {DLA-3131-1}
+ {DSA-5257-1 DLA-3131-1}
- linux 5.19.6-1 (unimportant)
NOTE: https://git.kernel.org/linus/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 (5.19-rc4)
NOTE: Driver not enabled in Debian configs
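Review bot: CVE-2022-39842 is tagged "(unimportant)" with "NOTE: Driver not enabled in Debian configs", yet it now references both DSA-5257-1 and DLA-3131-1. Listing an advisory against code that is not built is harmless only if the advisory text actually enumerates this CVE; confirm that DSA-5257-1 does, otherwise the cross-reference overstates what the bullseye update fixed.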
@@ -10083,7 +10130,7 @@ CVE-2022-39189 (An issue was discovered the x86 KVM subsystem in the Linux kerne
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2309
NOTE: https://git.kernel.org/linus/6cd88243c7e03845a450795e134b488fc2afb736 (5.19-rc2)
CVE-2022-39188 (An issue was discovered in include/asm-generic/tlb.h in the Linux kern ...)
- {DLA-3131-1}
+ {DSA-5257-1 DLA-3131-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2329
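Review bot: CVE-2022-39188 already had "[bullseye] - linux 5.10.140-1", which marked bullseye as fixed before DSA-5257-1 existed; adding "{DSA-5257-1}" on top is consistent only if 5.10.140-1 is at or below the version the DSA shipped. Check that the explicit "[bullseye]" line and the DSA record agree, or drop whichever is stale, so the entry does not carry two sources of truth for the bullseye fixed version.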
@@ -10389,6 +10436,7 @@ CVE-2022-3063
CVE-2022-3062 (The Simple File List WordPress plugin before 4.4.12 does not escape pa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3061 (Found Linux Kernel flaw in the i740 driver. The Userspace program coul ...)
+ {DSA-5257-1}
- linux 5.18.2-1
NOTE: https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5)
CVE-2022-39043
@@ -14476,6 +14524,7 @@ CVE-2022-37618
CVE-2022-37617 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
NOT-FOR-US: Node browserify-shim
CVE-2022-37616 (A prototype pollution vulnerability exists in the function copy in dom ...)
+ {DLA-3154-1}
- node-xmldom 0.8.3-1 (bug #1021618)
[bullseye] - node-xmldom <no-dsa> (Minor issue)
NOTE: https://github.com/xmldom/xmldom/issues/436
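Review bot: CVE-2022-37616 (node-xmldom prototype pollution) now references "{DLA-3154-1}" for buster while bullseye keeps "[bullseye] - node-xmldom <no-dsa> (Minor issue)". Fixing an issue in LTS but leaving it open as minor in the current stable release is defensible, but the bullseye line deserves a second look: if the 0.8.3-1 fix backported cleanly for the DLA, a bullseye point-update fix would be the consistent next step, and the "<no-dsa>" rationale should reflect whatever is decided.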
@@ -15053,7 +15102,7 @@ CVE-2020-36571
CVE-2020-36570
RESERVED
CVE-2022-2663 (An issue was found in the Linux kernel in nf_conntrack_irc where the m ...)
- {DLA-3131-1}
+ {DSA-5257-1 DLA-3131-1}
- linux 6.0.2-1
NOTE: https://www.openwall.com/lists/oss-security/2022/08/30/1
CVE-2022-2662 (Sequi PortBloque S has a improper authentication issues which may allo ...)
@@ -15427,6 +15476,7 @@ CVE-2022-2603 (Use after free in Omnibox in Google Chrome prior to 104.0.5112.79
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-2602 [io_uring/af_unix: defer registered files gc to io_uring release]
RESERVED
+ {DSA-5257-1}
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0091bfc81741b8d3aeb3b7ab8636f911b2de6e80
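Review bot: CVE-2022-2602 still reads "RESERVED" under the placeholder title "[io_uring/af_unix: defer registered files gc to io_uring release]" and sid is "linux <unfixed>", yet it now carries "{DSA-5257-1}". A DSA landing before the sid fix is legitimate, but the "<unfixed>" line needs a follow-up once the commit in the NOTE line (0091bfc81741b8d3aeb3b7ab8636f911b2de6e80) is in a sid upload, and the description should be filled in when MITRE publishes it so the entry stops showing as RESERVED.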
@@ -17451,10 +17501,10 @@ CVE-2022-2529 (sflow decode package does not employ sufficient packet sanitisati
NOT-FOR-US: goflow
CVE-2022-2528 (In affected versions of Octopus Deploy it is possible to upload a pack ...)
NOT-FOR-US: Octopus Deploy
-CVE-2022-36439
- RESERVED
-CVE-2022-36438
- RESERVED
+CVE-2022-36439 (AsusSoftwareManager.exe in ASUS System Control Interface on ASUS perso ...)
+ TODO: check
+CVE-2022-36438 (AsusSwitch.exe on ASUS personal computers (running Windows) sets weak ...)
+ TODO: check
CVE-2022-36437
RESERVED
CVE-2022-36436 (OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap ...)
@@ -23774,7 +23824,7 @@ CVE-2022-34170 (In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1
CVE-2022-2166
RESERVED
CVE-2022-34169 (The Apache Xalan Java XSLT library is vulnerable to an integer truncat ...)
- {DSA-5192-1 DSA-5188-1}
+ {DSA-5256-1 DSA-5192-1 DSA-5188-1 DLA-3155-1}
- openjdk-8 8u342-b07-1
- openjdk-11 11.0.16+8-1
- openjdk-17 17.0.4+8-1
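Review bot: CVE-2022-34169 (Apache Xalan integer truncation) gains DSA-5256-1 and DLA-3155-1 in its reference set, but the only fixed-version lines visible in the hunk are for openjdk-8, openjdk-11 and openjdk-17, and the hunk is cut off after openjdk-17. Confirm that the source package those two advisories cover has its own version line in this entry; a DSA or DLA cross-reference with no matching package line leaves the tracker unable to map the advisory to a fix.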
@@ -32027,8 +32077,8 @@ CVE-2022-31124 (openssh_key_parser is an open source Python package providing ut
NOT-FOR-US: openssh_key_parser
CVE-2022-31123 (Grafana is an open source observability and data visualization platfor ...)
- grafana <removed>
-CVE-2022-31122
- RESERVED
+CVE-2022-31122 (Wire is an encrypted communication and collaboration platform. Version ...)
+ TODO: check
CVE-2022-31121 (Hyperledger Fabric is a permissioned distributed ledger framework. In ...)
NOT-FOR-US: Hyperledger Fabric
CVE-2022-31120 (Nextcloud server is an open source personal cloud solution. The audit ...)
@@ -32257,8 +32307,8 @@ CVE-2022-31039 (Greenlight is a simple front-end interface for your BigBlueButto
NOT-FOR-US: Greenlight (front-end interface for your BigBlueButton)
CVE-2022-31038 (Gogs is an open source self-hosted Git service. In versions of gogs pr ...)
NOT-FOR-US: Go Git Service
-CVE-2022-31037
- RESERVED
+CVE-2022-31037 (OroCommerce is an open-source Business to Business Commerce applicatio ...)
+ TODO: check
CVE-2022-31036 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2022-31035 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
@@ -40708,6 +40758,7 @@ CVE-2022-28220 (Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a
CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in GitLab ...)
- gitlab <unfixed>
CVE-2022-1184 (A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() i ...)
+ {DSA-5257-1}
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070205
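Review bot: CVE-2022-1184 has the same shape as the CVE-2022-39188 entry in this file: a pre-existing "[bullseye] - linux 5.10.140-1" fixed version plus a newly added "{DSA-5257-1}". The same consistency check applies here: make sure the explicit bullseye version and the DSA-5257-1 record do not disagree on when bullseye was fixed.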
@@ -57688,6 +57739,7 @@ CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read ...)
CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2022-0171 (A flaw was found in the Linux kernel. The existing KVM SEV API has a v ...)
+ {DSA-5257-1}
- linux 5.18.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -65884,6 +65936,7 @@ CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector
CVE-2021-44470 (Incorrect default permissions for the Intel(R) Connect M Android appli ...)
NOT-FOR-US: Intel
CVE-2021-4037 (A vulnerability was found in the fs/inode.c:inode_init_owner() functio ...)
+ {DSA-5257-1}
- linux 5.14.6-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027239
NOTE: https://git.kernel.org/linus/01ea173e103edd5ec41acec65b9261b87e123fc2 (5.12-rc1)
@@ -73918,6 +73971,7 @@ CVE-2022-20422 (In emulation_proc_handler of armv8_deprecated.c, there is a poss
NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
NOTE: https://git.kernel.org/linus/af483947d472eccb79e42059276c4deed76f99a6 (6.0-rc1)
CVE-2022-20421 (In binder_inc_ref_for_node of binder.c, there is a possible way to cor ...)
+ {DSA-5257-1}
- linux 5.19.11-1
[buster] - linux 4.19.260-1
NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
@@ -116173,8 +116227,8 @@ CVE-2021-3307
RESERVED
CVE-2021-3306
RESERVED
-CVE-2021-3305
- RESERVED
+CVE-2021-3305 (Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to co ...)
+ TODO: check
CVE-2021-3304 (Sagemcom F at ST 3686 v2 3.495 devices have a buffer overflow via a long ...)
NOT-FOR-US: Sagemcom
CVE-2021-3303
@@ -171057,8 +171111,8 @@ CVE-2020-15855 (Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6
NOT-FOR-US: Bodhi
CVE-2020-15854
RESERVED
-CVE-2020-15853
- RESERVED
+CVE-2020-15853 (supybot-fedora implements the command 'refresh', that refreshes the ca ...)
+ TODO: check
CVE-2020-XXXX [mpv insecure lua loadpath]
- mpv 0.32.0-2 (bug #950816)
[buster] - mpv <no-dsa> (Minor issue)
@@ -370636,7 +370690,6 @@ CVE-2017-2626 (It was discovered that libICE before 1.0.9-8 used a weak entropy
[wheezy] - libice <no-dsa> (Minor issue, can be fixed in a point update or next DSA)
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
CVE-2017-2625 (It was discovered that libXdmcp before 1.1.2 including used weak entro ...)
- {DLA-2006-1}
- libxdmcp 1:1.1.2-2 (bug #856399)
[wheezy] - libxdmcp <no-dsa> (Minor issue, can be fixed in a point update or next DSA)
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
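Review bot: this is the only hunk in the update that removes a cross-reference: "{DLA-2006-1}" is dropped from CVE-2017-2625 (libxdmcp 1:1.1.2-2, bug #856399). An automatic update mirrors upstream CVE data and should not normally touch advisory references on a 2017 entry, so confirm that DLA-2006-1 genuinely does not cover this CVE (or that the DLA record was corrected elsewhere) before this lands; losing the reference changes the LTS status the tracker reports for libxdmcp.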
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/421f887d2546865ad320d4456de45d5dc2f962a9