[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 26 09:10:25 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d7d1a7c by security tracker role at 2022-10-26T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2022-43760
+	RESERVED
+CVE-2022-43759
+	RESERVED
+CVE-2022-43758
+	RESERVED
+CVE-2022-43757
+	RESERVED
+CVE-2022-43756
+	RESERVED
+CVE-2022-43755
+	RESERVED
+CVE-2022-43754
+	RESERVED
+CVE-2022-43753
+	RESERVED
+CVE-2022-43752
+	RESERVED
+CVE-2022-43751
+	RESERVED
+CVE-2022-43750 (drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 ...)
+	TODO: check
+CVE-2022-43749
+	RESERVED
+CVE-2022-43748
+	RESERVED
+CVE-2022-43747 (baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2 ...)
+	TODO: check
+CVE-2022-3687
+	RESERVED
+CVE-2022-3686
+	RESERVED
+CVE-2022-3685
+	RESERVED
+CVE-2022-3684
+	RESERVED
+CVE-2022-3683
+	RESERVED
+CVE-2022-3682
+	RESERVED
+CVE-2022-3681
+	RESERVED
 CVE-2022-43746
 	RESERVED
 CVE-2022-43745
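Review bot: CVE-2022-43750 is left at `TODO: check` even though its description names drivers/usb/mon/mon_bin.c in the Linux kernel before 5.19.15. It needs a `- linux` package line with the fixed version and a NOTE pointing at the upstream commit, in the same form as the CVE-2022-3594 entry further down this patch. CVE-2022-43747 (baramundi Management Agent) is the only other described entry in this hunk and also still needs a classification.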
@@ -969,7 +1011,8 @@ CVE-2022-3595 (A vulnerability was found in Linux Kernel. It has been rated as p
 CVE-2022-3594 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
 	- linux 6.0.3-1
 	NOTE: https://git.kernel.org/linus/93e2be344a7db169b7119de21ac1bf253b8c6907 (6.1-rc1)
-CVE-2022-3593 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
+CVE-2022-3593
+	REJECTED
 	- iproute2 5.19.0-1 (unimportant)
 	NOTE: https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=2cb76253ed852559a4f2b315f5e23457a15d71e5
 	NOTE: Memory leak in CLI tool, no security impact
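Review bot: after this change CVE-2022-3593 reads `REJECTED` directly above an unchanged `- iproute2 5.19.0-1 (unimportant)` line, so a rejected ID still reports a package status. Decide whether the iproute2 line should be dropped now that the ID is rejected. The NOTE "Memory leak in CLI tool, no security impact" is worth keeping, because with the description removed it is the only remaining explanation of what the ID referred to.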
@@ -2038,19 +2081,23 @@ CVE-2022-3531 (A vulnerability was found in Linux Kernel. It has been classified
 	- linux <unfixed> (unimportant)
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=6d2e21dc4db3933db65293552ecc1ede26febeca
 	NOTE: Issue only in selftest/bpf.
-CVE-2022-3530 (A vulnerability was found in Linux Kernel and classified as problemati ...)
+CVE-2022-3530
+	REJECTED
 	- iproute2 5.19.0-1 (unimportant)
 	NOTE: https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=1d540336b026ed5bfe10eefac383db7f434d842f
 	NOTE: Memory leak in CLI tool, no security impact
-CVE-2022-3529 (A vulnerability has been found in Linux Kernel and classified as probl ...)
+CVE-2022-3529
+	REJECTED
 	- iproute2 5.19.0-1 (unimportant)
 	NOTE: https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=6db01afd60748afbba114be2773be338c5be28ff
 	NOTE: Memory leak in CLI tool, no security impact
-CVE-2022-3528 (A vulnerability, which was classified as problematic, was found in Lin ...)
+CVE-2022-3528
+	REJECTED
 	- iproute2 5.19.0-1 (unimportant)
 	NOTE: https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=afdbb0204a5872f1f76058a0db5a529b1f0c8de7
 	NOTE: Memory leak in CLI tool, no security impact
-CVE-2022-3527 (A vulnerability, which was classified as problematic, has been found i ...)
+CVE-2022-3527
+	REJECTED
 	- iproute2 5.19.0-1 (unimportant)
 	NOTE: https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=c5433c4b7a57d380f4cb351316f5ba5ebae9538e
 	NOTE: Memory leak in CLI tool, no security impact
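Review bot: the removed descriptions for CVE-2022-3530, CVE-2022-3529, CVE-2022-3528 and CVE-2022-3527 all attributed the issue to "Linux Kernel", while the retained lines track them against iproute2 commits. With the descriptions gone, the iproute2 commit NOTEs are the only pointer to the affected code, so keep them on all four entries and treat the four `- iproute2 5.19.0-1 (unimportant)` lines under `REJECTED` the same way in one follow-up commit rather than entry by entry.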
@@ -5104,8 +5151,8 @@ CVE-2022-41713
 	RESERVED
 CVE-2022-41712
 	RESERVED
-CVE-2022-41711
-	RESERVED
+CVE-2022-41711 (Badaso version 2.6.0 allows an unauthenticated remote attacker to exec ...)
+	TODO: check
 CVE-2022-41710
 	RESERVED
 CVE-2022-41709 (Markdownify version 1.4.1 allows an external attacker to execute arbit ...)
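Review bot: CVE-2022-41711 moves from `RESERVED` to `TODO: check` with a description that begins "Badaso version 2.6.0 allows an unauthenticated remote attacker to exec ...". Given the unauthenticated remote wording, triage this one ahead of the rest of the batch and resolve the TODO to either a package line or a `NOT-FOR-US:` line.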
@@ -27453,22 +27500,22 @@ CVE-2022-33187
 	RESERVED
 CVE-2022-33186
 	RESERVED
-CVE-2022-33185
-	RESERVED
-CVE-2022-33184
-	RESERVED
-CVE-2022-33183
-	RESERVED
-CVE-2022-33182
-	RESERVED
-CVE-2022-33181
-	RESERVED
-CVE-2022-33180
-	RESERVED
-CVE-2022-33179
-	RESERVED
-CVE-2022-33178
-	RESERVED
+CVE-2022-33185 (Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1 ...)
+	TODO: check
+CVE-2022-33184 (A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS vers ...)
+	TODO: check
+CVE-2022-33183 (A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1 ...)
+	TODO: check
+CVE-2022-33182 (A privilege escalation vulnerability in Brocade Fabric OS CLI before B ...)
+	TODO: check
+CVE-2022-33181 (An information disclosure vulnerability in Brocade Fabric OS CLI befor ...)
+	TODO: check
+CVE-2022-33180 (A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1 ...)
+	TODO: check
+CVE-2022-33179 (A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1 ...)
+	TODO: check
+CVE-2022-33178 (A vulnerability in the radius authentication system of Brocade Fabric  ...)
+	TODO: check
 CVE-2022-33175 (Power Distribution Units running on Powertek firmware (multiple brands ...)
 	NOT-FOR-US: Powertek
 CVE-2022-33174 (Power Distribution Units running on Powertek firmware (multiple brands ...)
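Review bot: CVE-2022-33185 through CVE-2022-33178 are eight entries for one product, Brocade Fabric OS, and all land as `TODO: check`. Classify them as a group with one decision instead of eight separate checks; the issue classes in the descriptions (privilege escalation, information disclosure, radius authentication) do not change the outcome if the product is not packaged.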
@@ -42168,10 +42215,10 @@ CVE-2022-1160 (heap buffer overflow in get_one_sourceline in GitHub repository v
 	NOTE: https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c/
 	NOTE: Introduced by: https://github.com/vim/vim/commit/85b43c6cb7d56919e245622f4e42db6d8bee4194 (v8.2.4603)
 	NOTE: Fixed by: https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db (v8.2.4647)
-CVE-2022-28170
-	RESERVED
-CVE-2022-28169
-	RESERVED
+CVE-2022-28170 (Brocade Fabric OS Web Application services before Brocade Fabric v9.1. ...)
+	TODO: check
+CVE-2022-28169 (Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric O ...)
+	TODO: check
 CVE-2022-28168 (In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1 ...)
 	NOT-FOR-US: Brocade
 CVE-2022-28167 (Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2 ...)
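Review bot: CVE-2022-28170 and CVE-2022-28169 get `TODO: check` immediately above CVE-2022-28168, which already carries `NOT-FOR-US: Brocade`. Both new descriptions name Brocade Fabric OS, so the existing Brocade classification is the precedent to confirm and apply here rather than leaving the TODO open.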
@@ -48559,8 +48606,8 @@ CVE-2022-25851 (The package jpeg-js before 0.4.4 are vulnerable to Denial of Ser
 	NOT-FOR-US: jpeg-js
 CVE-2022-25850 (The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnera ...)
 	NOT-FOR-US: hoppscotch proxyscotch
-CVE-2022-25849
-	RESERVED
+CVE-2022-25849 (The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site S ...)
+	TODO: check
 CVE-2022-25848
 	RESERVED
 CVE-2022-25847



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d7d1a7c0f7c91f6ba0a2c38700888a74f07a0a6
