[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 27 09:10:25 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
faf49d27 by security tracker role at 2022-10-27T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2022-43945
+ RESERVED
+CVE-2022-43944
+ RESERVED
+CVE-2022-43943
+ RESERVED
+CVE-2022-43942
+ RESERVED
+CVE-2022-43941
+ RESERVED
+CVE-2022-43940
+ RESERVED
+CVE-2022-43939
+ RESERVED
+CVE-2022-43938
+ RESERVED
+CVE-2022-43937
+ RESERVED
+CVE-2022-43936
+ RESERVED
+CVE-2022-43935
+ RESERVED
+CVE-2022-43934
+ RESERVED
+CVE-2022-43933
+ RESERVED
+CVE-2022-3713
+ RESERVED
+CVE-2022-3712
+ RESERVED
+CVE-2022-3711
+ RESERVED
+CVE-2022-3710
+ RESERVED
+CVE-2022-3709
+ RESERVED
+CVE-2022-3708
+ RESERVED
+CVE-2022-3707
+ RESERVED
+CVE-2022-3706
+ RESERVED
CVE-2022-43932
RESERVED
CVE-2022-43931
@@ -342,10 +384,10 @@ CVE-2022-43762
RESERVED
CVE-2022-43761
RESERVED
-CVE-2022-3705
- RESERVED
-CVE-2022-3704
- RESERVED
+CVE-2022-3705 (A vulnerability was found in vim and classified as problematic. Affect ...)
+ TODO: check
+CVE-2022-3704 (A vulnerability classified as problematic has been found in Ruby on Ra ...)
+ TODO: check
CVE-2022-3703
RESERVED
CVE-2022-3702
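Review bot: The `TODO: check` markers on CVE-2022-3705 and CVE-2022-3704 leave two entries untriaged whose descriptions name vim and Ruby on Rails. Each should be resolved to a source-package line in the form this file already uses (package, fixed version or status, bug reference) once the affected versions are confirmed. The truncated descriptions shown here are not enough to decide that.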
@@ -5282,8 +5324,8 @@ CVE-2022-3365
RESERVED
CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-3363
- RESERVED
+CVE-2022-3363 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2 ...)
+ TODO: check
CVE-2022-3362
RESERVED
CVE-2022-41850 (roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel th ...)
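Review bot: CVE-2022-3363 is given `TODO: check` even though its description names the same repository, ikus060/rdiffweb, as CVE-2022-3364 directly above, which is already tracked as `- rdiffweb <itp> (bug #969974)`. The new entry should carry the same ITP line so that both issues are tied to that bug.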
@@ -5355,8 +5397,8 @@ CVE-2022-40967
RESERVED
CVE-2022-40965
RESERVED
-CVE-2022-40703
- RESERVED
+CVE-2022-40703 (CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Ka ...)
+ TODO: check
CVE-2022-40204
RESERVED
CVE-2022-40202
@@ -11169,8 +11211,8 @@ CVE-2022-39357 (Winter is a free, open-source content management system based on
NOT-FOR-US: Winter
CVE-2022-39356
RESERVED
-CVE-2022-39355
- RESERVED
+CVE-2022-39355 (Discourse Patreon enables syncronization between Discourse Groups and ...)
+ TODO: check
CVE-2022-39354 (SputnikVM, also called evm, is a Rust implementation of Ethereum Virtu ...)
TODO: check
CVE-2022-39353
@@ -11183,8 +11225,8 @@ CVE-2022-39350 (@dependencytrack/frontend is a Single Page Application (SPA) use
TODO: check
CVE-2022-39349 (The Tasks.org Android app is an open-source app for to-do lists and re ...)
TODO: check
-CVE-2022-39348
- RESERVED
+CVE-2022-39348 (Twisted is an event-based framework for internet applications. Started ...)
+ TODO: check
CVE-2022-39347
RESERVED
CVE-2022-39346
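Review bot: CVE-2022-39348 is left at `TODO: check`, and its description opens by naming Twisted but is cut off before any affected version range. This entry needs manual triage against the upstream advisory, followed by a source-package line with the fixed version, before it can be considered tracked.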
@@ -11319,8 +11361,8 @@ CVE-2022-39288 (fastify is a fast and low overhead web framework, for Node.js. A
NOT-FOR-US: Node fastify
CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF) protection mi ...)
NOT-FOR-US: tiny-csrf Nodejs module
-CVE-2022-39286
- RESERVED
+CVE-2022-39286 (Jupyter Core is a package for the core common functionality of Jupyter ...)
+ TODO: check
CVE-2022-39285 (ZoneMinder is a free, open source Closed-circuit television software a ...)
- zoneminder 1.36.31+dfsg1-1 (unimportant; bug #1021565)
NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433
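Review bot: CVE-2022-39286 sits directly below two entries closed as NOT-FOR-US Node modules (fastify, tiny-csrf), but its description names Jupyter Core, which is not one of those modules. The `TODO: check` here should be triaged on its own and given a package line with a fixed version or status, so that it is not swept up with its neighbours.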
@@ -14794,8 +14836,8 @@ CVE-2022-2784
RESERVED
CVE-2022-2783 (In affected versions of Octopus Server it was identified that a sessio ...)
NOT-FOR-US: Octopus
-CVE-2022-2782
- RESERVED
+CVE-2022-2782 (In affected versions of Octopus Server it is possible for a session to ...)
+ TODO: check
CVE-2022-2781 (In affected versions of Octopus Server it was identified that the same ...)
NOT-FOR-US: Octopus
CVE-2022-2780 (In affected versions of Octopus Server it is possible to use the Git C ...)
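Review bot: CVE-2022-2782 is marked `TODO: check` while the entries on either side of it, CVE-2022-2783 and CVE-2022-2781, have descriptions that begin with the same "In affected versions of Octopus Server" wording and are already closed as `NOT-FOR-US: Octopus`. The same disposition applies here and can replace the TODO.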
@@ -19342,8 +19384,8 @@ CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens becau
NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted)
NOTE: https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2
-CVE-2022-2508
- RESERVED
+CVE-2022-2508 (In affected versions of Octopus Server it is possible to reveal the ex ...)
+ TODO: check
CVE-2022-2507
RESERVED
CVE-2022-2506
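Review bot: CVE-2022-2508 lands next to the gnutls entry for CVE-2022-2509, but its description is for Octopus Server, the product that CVE-2022-2783 and CVE-2022-2781 in this same file record as `NOT-FOR-US: Octopus`. Replace the `TODO: check` with that line so that the entry is not mistaken for an open item near the gnutls notes.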
@@ -48872,8 +48914,8 @@ CVE-2022-25921 (All versions of package morgan-json are vulnerable to Arbitrary
NOT-FOR-US: Node morgan-json
CVE-2022-25919
RESERVED
-CVE-2022-25918
- RESERVED
+CVE-2022-25918 (The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Re ...)
+ TODO: check
CVE-2022-25916
RESERVED
CVE-2022-25914 (The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerab ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/faf49d27dbd1924b97fdd39b6df0ffceb8310477