[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 27 09:10:25 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
faf49d27 by security tracker role at 2022-10-27T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2022-43945
+	RESERVED
+CVE-2022-43944
+	RESERVED
+CVE-2022-43943
+	RESERVED
+CVE-2022-43942
+	RESERVED
+CVE-2022-43941
+	RESERVED
+CVE-2022-43940
+	RESERVED
+CVE-2022-43939
+	RESERVED
+CVE-2022-43938
+	RESERVED
+CVE-2022-43937
+	RESERVED
+CVE-2022-43936
+	RESERVED
+CVE-2022-43935
+	RESERVED
+CVE-2022-43934
+	RESERVED
+CVE-2022-43933
+	RESERVED
+CVE-2022-3713
+	RESERVED
+CVE-2022-3712
+	RESERVED
+CVE-2022-3711
+	RESERVED
+CVE-2022-3710
+	RESERVED
+CVE-2022-3709
+	RESERVED
+CVE-2022-3708
+	RESERVED
+CVE-2022-3707
+	RESERVED
+CVE-2022-3706
+	RESERVED
 CVE-2022-43932
 	RESERVED
 CVE-2022-43931
@@ -342,10 +384,10 @@ CVE-2022-43762
 	RESERVED
 CVE-2022-43761
 	RESERVED
-CVE-2022-3705
-	RESERVED
-CVE-2022-3704
-	RESERVED
+CVE-2022-3705 (A vulnerability was found in vim and classified as problematic. Affect ...)
+	TODO: check
+CVE-2022-3704 (A vulnerability classified as problematic has been found in Ruby on Ra ...)
+	TODO: check
 CVE-2022-3703
 	RESERVED
 CVE-2022-3702
@@ -5282,8 +5324,8 @@ CVE-2022-3365
 	RESERVED
 CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
 	- rdiffweb <itp> (bug #969974)
-CVE-2022-3363
-	RESERVED
+CVE-2022-3363 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2 ...)
+	TODO: check
 CVE-2022-3362
 	RESERVED
 CVE-2022-41850 (roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel th ...)
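Review bot: CVE-2022-3363 is left at TODO: check even though its description names the same ikus060/rdiffweb repository as CVE-2022-3364 directly above it, which is already tracked as "- rdiffweb <itp> (bug #969974)". The new entry can take that same line rather than waiting in the TODO queue.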
@@ -5355,8 +5397,8 @@ CVE-2022-40967
 	RESERVED
 CVE-2022-40965
 	RESERVED
-CVE-2022-40703
-	RESERVED
+CVE-2022-40703 (CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Ka ...)
+	TODO: check
 CVE-2022-40204
 	RESERVED
 CVE-2022-40202
@@ -11169,8 +11211,8 @@ CVE-2022-39357 (Winter is a free, open-source content management system based on
 	NOT-FOR-US: Winter
 CVE-2022-39356
 	RESERVED
-CVE-2022-39355
-	RESERVED
+CVE-2022-39355 (Discourse Patreon enables syncronization between Discourse Groups and  ...)
+	TODO: check
 CVE-2022-39354 (SputnikVM, also called evm, is a Rust implementation of Ethereum Virtu ...)
 	TODO: check
 CVE-2022-39353
@@ -11183,8 +11225,8 @@ CVE-2022-39350 (@dependencytrack/frontend is a Single Page Application (SPA) use
 	TODO: check
 CVE-2022-39349 (The Tasks.org Android app is an open-source app for to-do lists and re ...)
 	TODO: check
-CVE-2022-39348
-	RESERVED
+CVE-2022-39348 (Twisted is an event-based framework for internet applications. Started ...)
+	TODO: check
 CVE-2022-39347
 	RESERVED
 CVE-2022-39346
@@ -11319,8 +11361,8 @@ CVE-2022-39288 (fastify is a fast and low overhead web framework, for Node.js. A
 	NOT-FOR-US: Node fastify
 CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF) protection mi ...)
 	NOT-FOR-US: tiny-csrf Nodejs module
-CVE-2022-39286
-	RESERVED
+CVE-2022-39286 (Jupyter Core is a package for the core common functionality of Jupyter ...)
+	TODO: check
 CVE-2022-39285 (ZoneMinder is a free, open source Closed-circuit television software a ...)
 	- zoneminder 1.36.31+dfsg1-1 (unimportant; bug #1021565)
 	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433
@@ -14794,8 +14836,8 @@ CVE-2022-2784
 	RESERVED
 CVE-2022-2783 (In affected versions of Octopus Server it was identified that a sessio ...)
 	NOT-FOR-US: Octopus
-CVE-2022-2782
-	RESERVED
+CVE-2022-2782 (In affected versions of Octopus Server it is possible for a session to ...)
+	TODO: check
 CVE-2022-2781 (In affected versions of Octopus Server it was identified that the same ...)
 	NOT-FOR-US: Octopus
 CVE-2022-2780 (In affected versions of Octopus Server it is possible to use the Git C ...)
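Review bot: CVE-2022-2782 gets TODO: check while both neighbours in this hunk, CVE-2022-2783 and CVE-2022-2781, carry "NOT-FOR-US: Octopus" for the same product named in their descriptions (Octopus Server). Suggest marking CVE-2022-2782 "NOT-FOR-US: Octopus" as well so the three entries stay consistent.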
@@ -19342,8 +19384,8 @@ CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens becau
 	NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted)
 	NOTE: https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2
-CVE-2022-2508
-	RESERVED
+CVE-2022-2508 (In affected versions of Octopus Server it is possible to reveal the ex ...)
+	TODO: check
 CVE-2022-2507
 	RESERVED
 CVE-2022-2506
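Review bot: The description added for CVE-2022-2508 also begins "In affected versions of Octopus Server", and the Octopus Server entries visible elsewhere in this patch's context (CVE-2022-2783, CVE-2022-2781) are triaged as "NOT-FOR-US: Octopus". Unless something else in the truncated description applies, the same status fits here instead of TODO: check.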
@@ -48872,8 +48914,8 @@ CVE-2022-25921 (All versions of package morgan-json are vulnerable to Arbitrary
 	NOT-FOR-US: Node morgan-json
 CVE-2022-25919
 	RESERVED
-CVE-2022-25918
-	RESERVED
+CVE-2022-25918 (The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Re ...)
+	TODO: check
 CVE-2022-25916
 	RESERVED
 CVE-2022-25914 (The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerab ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/faf49d27dbd1924b97fdd39b6df0ffceb8310477
