[Git][security-tracker-team/security-tracker][master] automatic update

Sat Oct 29 21:10:32 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19669ea5 by security tracker role at 2022-10-29T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2022-43998
+	RESERVED
+CVE-2022-3757 (A vulnerability was found in Exiv2. It has been declared as critical.  ...)
+	TODO: check
+CVE-2022-3756 (A vulnerability was found in Exiv2. It has been classified as critical ...)
+	TODO: check
+CVE-2022-3755 (A vulnerability was found in Exiv2 and classified as problematic. This ...)
+	TODO: check
+CVE-2022-3754 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq prio ...)
+	TODO: check
+CVE-2022-3753
+	RESERVED
 CVE-2022-43997
 	RESERVED
 CVE-2022-43996
@@ -4782,6 +4794,7 @@ CVE-2022-42892
 CVE-2022-42891
 	RESERVED
 CVE-2022-42890 (A vulnerability in Batik of Apache XML Graphics allows an attacker to  ...)
+	{DLA-3169-1}
 	- batik 1.16+dfsg-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/3
 	NOTE: https://issues.apache.org/jira/browse/BATIK-1345
@@ -6851,13 +6864,11 @@ CVE-2022-41976
 	RESERVED
 CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Win ...)
 	NOT-FOR-US: RealVNC
-CVE-2022-41974 [Authorization bypass]
-	RESERVED
+CVE-2022-41974 (multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to ...)
 	- multipath-tools <unfixed> (bug #1022742)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/24/2
 	NOTE: Introduced by: https://github.com/opensvc/multipath-tools/commit/9acda0c47b143f2ef6123957d2ccd24ea995dc04 (0.7.0)
-CVE-2022-41973 [Symlink attack]
-	RESERVED
+CVE-2022-41973 (multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to ...)
 	- multipath-tools <unfixed> (bug #1022742)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/24/2
 	NOTE: Introduced by: https://github.com/opensvc/multipath-tools/commit/65d0a633e066223d361cd1a254ebdfe36a133a5c (0.7.7)
@@ -7533,6 +7544,7 @@ CVE-2022-41706
 CVE-2022-41705
 	RESERVED
 CVE-2022-41704 (A vulnerability in Batik of Apache XML Graphics allows an attacker to  ...)
+	{DLA-3169-1}
 	- batik 1.16+dfsg-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/2
 	NOTE: https://issues.apache.org/jira/browse/BATIK-1338
@@ -32652,6 +32664,7 @@ CVE-2022-32168 (Notepad++ versions 8.4.1 and before are vulnerable to DLL hijack
 CVE-2022-32167 (Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cros ...)
 	NOT-FOR-US: Cloudreve
 CVE-2022-32166 (In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer o ...)
+	{DLA-3168-1}
 	- openvswitch 2.13.0+dfsg1-1
 	NOTE: https://github.com/openvswitch/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73 (v2.12.0)
 CVE-2022-32165
@@ -40757,6 +40770,7 @@ CVE-2022-29460
 CVE-2022-29459
 	RESERVED
 CVE-2022-29458 (ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmen ...)
+	{DLA-3167-1}
 	- ncurses 6.3+20220423-1 (bug #1009870)
 	[bullseye] - ncurses <no-dsa> (Minor issue)
 	[stretch] - ncurses <no-dsa> (Minor issue)
@@ -76536,8 +76550,8 @@ CVE-2021-42778 (A heap double free issue was found in Opensc before version 0.22
 	NOTE: https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7 (0.22.0-rc1)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016083
-CVE-2021-42777
-	RESERVED
+CVE-2021-42777 (Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mo ...)
+	TODO: check
 CVE-2021-42776 (CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE  ...)
 	NOT-FOR-US: CloverDX Server
 CVE-2021-42775 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19669ea526db2ce7e6a209e438b4fbe20c8c3744

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19669ea526db2ce7e6a209e438b4fbe20c8c3744
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221029/27e1e6fe/attachment.htm>
