[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 7 09:10:24 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
449e4908 by security tracker role at 2022-09-07T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2022-40144
+ RESERVED
+CVE-2022-40143
+ RESERVED
+CVE-2022-40142
+ RESERVED
+CVE-2022-40141
+ RESERVED
+CVE-2022-40140
+ RESERVED
+CVE-2022-40139
+ RESERVED
+CVE-2022-40138
+ RESERVED
+CVE-2022-40133
+ RESERVED
+CVE-2022-38457
+ RESERVED
+CVE-2022-38096
+ RESERVED
+CVE-2022-36402
+ RESERVED
+CVE-2022-36280
+ RESERVED
+CVE-2022-3147
+ RESERVED
+CVE-2022-3146
+ RESERVED
+CVE-2022-3145
+ RESERVED
+CVE-2022-3144
+ RESERVED
+CVE-2022-3143
+ RESERVED
CVE-2022-40137
RESERVED
CVE-2022-40136
@@ -360,8 +394,8 @@ CVE-2022-39960
RESERVED
CVE-2022-3135
RESERVED
-CVE-2022-3134
- RESERVED
+CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0388. ...)
+ TODO: check
CVE-2022-39959
RESERVED
CVE-2022-39958
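Review bot: the `TODO: check` under CVE-2022-3134 needs real triage rather than staying pending, because the description ("Use After Free in GitHub repository vim/vim prior to 9.0.0388") points at vim, which is a Debian package; the entry should end up with a `- vim <unfixed>` (or fixed-version) line plus a NOTE referencing the upstream fix, in the same shape as the libjpeg and grafana entries elsewhere in this file. The surrounding RESERVED IDs need no action.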
@@ -2281,6 +2315,7 @@ CVE-2022-3076
RESERVED
CVE-2022-3075
RESERVED
+ {DSA-5225-1}
- chromium 105.0.5195.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3074
@@ -3862,12 +3897,12 @@ CVE-2022-38532
RESERVED
CVE-2022-38531
RESERVED
-CVE-2022-38530
- RESERVED
-CVE-2022-38529
- RESERVED
-CVE-2022-38528
- RESERVED
+CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...)
+ TODO: check
+CVE-2022-38529 (tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflo ...)
+ TODO: check
+CVE-2022-38528 (Open Asset Import Library (assimp) commit 3c253ca was discovered to co ...)
+ TODO: check
CVE-2022-38527
RESERVED
CVE-2022-38526
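Review bot: CVE-2022-38530 (GPAC) and CVE-2022-38528 (assimp) refer to software that Debian ships as the gpac and assimp packages, so their `TODO: check` lines should be resolved with package triage (affected and fixed versions, severity) rather than NOT-FOR-US; CVE-2022-38529 (tinyexr) should be checked separately for whether the code reaches the archive as its own package or only as a bundled copy.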
@@ -5016,8 +5051,8 @@ CVE-2022-2796 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
NOT-FOR-US: pimcore
CVE-2022-2795
RESERVED
-CVE-2022-38176
- RESERVED
+CVE-2022-38176 (An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect priv ...)
+ TODO: check
CVE-2022-38175
RESERVED
CVE-2022-38174
@@ -5316,8 +5351,8 @@ CVE-2022-37403
RESERVED
CVE-2022-37402
RESERVED
-CVE-2022-37344
- RESERVED
+CVE-2022-37344 (Missing Access Control vulnerability in PHP Crafts Accommodation Syste ...)
+ TODO: check
CVE-2022-37339
RESERVED
CVE-2022-37338
@@ -5338,8 +5373,8 @@ CVE-2022-36791
RESERVED
CVE-2022-36428
RESERVED
-CVE-2022-36427
- RESERVED
+CVE-2022-36427 (Missing Access Control vulnerability in About Rentals. Inc. About Rent ...)
+ TODO: check
CVE-2022-36425 (Broken Access Control vulnerability in Beaver Builder plugin <= 2.5 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36422
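Review bot: CVE-2022-36427 describes a WordPress plugin (About Rentals), and the neighbouring CVE-2022-36425 entry is already triaged as `NOT-FOR-US: WordPress plugin`; the `TODO: check` here can be resolved the same way.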
@@ -5350,8 +5385,8 @@ CVE-2022-36394 (Authenticated (author+) SQL Injection (SQLi) vulnerability in Co
NOT-FOR-US: WordPress plugin
CVE-2022-36390
RESERVED
-CVE-2022-36387
- RESERVED
+CVE-2022-36387 (Broken Access Control vulnerability in Alessio Caiazza's About Me plug ...)
+ TODO: check
CVE-2022-36383
RESERVED
CVE-2022-36376
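Review bot: CVE-2022-36387 (Alessio Caiazza's About Me plugin) is another WordPress plugin, like CVE-2022-36394 just above it which carries `NOT-FOR-US: WordPress plugin`; the `TODO: check` should be resolved to the same marker for consistency.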
@@ -5403,6 +5438,7 @@ CVE-2022-2737
CVE-2022-2736 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2735 (A vulnerability was found in the PCS project. This issue occurs due to ...)
+ {DSA-5226-1}
- pcs 0.11.3-2 (bug #1018930)
NOTE: https://www.openwall.com/lists/oss-security/2022/09/01/4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2116815
@@ -6034,8 +6070,8 @@ CVE-2022-37773
RESERVED
CVE-2022-37772
RESERVED
-CVE-2022-37771
- RESERVED
+CVE-2022-37771 (IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protecti ...)
+ TODO: check
CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a segmentation fault ...)
- libjpeg <unfixed> (unimportant)
NOTE: https://github.com/thorfdbg/libjpeg/issues/79
@@ -7427,8 +7463,8 @@ CVE-2022-37255
RESERVED
CVE-2022-37254 (DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Backg ...)
NOT-FOR-US: DolphinPHP
-CVE-2022-37253
- RESERVED
+CVE-2022-37253 (Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 al ...)
+ TODO: check
CVE-2022-37252
RESERVED
CVE-2022-37251
@@ -7563,8 +7599,8 @@ CVE-2022-37187
RESERVED
CVE-2022-37186
RESERVED
-CVE-2022-37185
- RESERVED
+CVE-2022-37185 (SQL injection vulnerability exists in the school information query int ...)
+ TODO: check
CVE-2022-37184 (The application manage_website.php on Garage Management System 1.0 is ...)
NOT-FOR-US: Garage Management System
CVE-2022-37183 (Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/ ...)
@@ -8642,8 +8678,8 @@ CVE-2022-36759 (Online Food Ordering System v1.0 was discovered to contain a SQL
NOT-FOR-US: Online Food Ordering System
CVE-2022-36758
RESERVED
-CVE-2022-36757
- RESERVED
+CVE-2022-36757 (Xaomi Mi Browser v13.10.0-gn contains a vulnerability which allows att ...)
+ TODO: check
CVE-2022-36756 (DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/ ...)
NOT-FOR-US: D-Link
CVE-2022-36755 (D-Link DIR845L A1 contains a authentication vulnerability via an AUTHO ...)
@@ -8816,8 +8852,8 @@ CVE-2022-36672 (Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key
NOT-FOR-US: Novel-Plus
CVE-2022-36671 (Novel-Plus v3.6.2 was discovered to contain an arbitrary file download ...)
NOT-FOR-US: Novel-Plus
-CVE-2022-36670
- RESERVED
+CVE-2022-36670 (PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamp ...)
+ TODO: check
CVE-2022-36669
RESERVED
CVE-2022-36668
@@ -8830,8 +8866,8 @@ CVE-2022-36665
RESERVED
CVE-2022-36664
RESERVED
-CVE-2022-36663
- RESERVED
+CVE-2022-36663 (Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Serv ...)
+ TODO: check
CVE-2022-36662
RESERVED
CVE-2022-36661
@@ -10414,8 +10450,8 @@ CVE-2022-36074
RESERVED
CVE-2022-36073
RESERVED
-CVE-2022-36072
- RESERVED
+CVE-2022-36072 (SilverwareGames.io is a social network for users to play video games o ...)
+ TODO: check
CVE-2022-36071 (SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and Web ...)
NOT-FOR-US: SFTPGo
CVE-2022-36070
@@ -10424,20 +10460,20 @@ CVE-2022-36069
RESERVED
CVE-2022-36068
RESERVED
-CVE-2022-36067
- RESERVED
+CVE-2022-36067 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
+ TODO: check
CVE-2022-36066
RESERVED
-CVE-2022-36065
- RESERVED
-CVE-2022-36064
- RESERVED
+CVE-2022-36065 (GrowthBook is an open-source platform for feature flagging and A/B tes ...)
+ TODO: check
+CVE-2022-36064 (Shescape is a shell escape package for JavaScript. An Inefficient Regu ...)
+ TODO: check
CVE-2022-36063
RESERVED
CVE-2022-36062
RESERVED
-CVE-2022-36061
- RESERVED
+CVE-2022-36061 (Elrond go is the go implementation for the Elrond Network protocol. In ...)
+ TODO: check
CVE-2022-36060
RESERVED
CVE-2022-36059
@@ -10448,10 +10484,10 @@ CVE-2022-36059
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-36059
NOTE: https://matrix.org/blog/2022/08/31/security-releases-matrix-js-sdk-19-4-0-and-matrix-react-sdk-3-53-0
NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/8716c1ab9ba93659173b806097c46a2be115199f (v19.4.0)
-CVE-2022-36058
- RESERVED
-CVE-2022-36057
- RESERVED
+CVE-2022-36058 (Elrond go is the go implementation for the Elrond Network protocol. In ...)
+ TODO: check
+CVE-2022-36057 (Discourse-Chat is an asynchronous messaging plugin for the Discourse o ...)
+ TODO: check
CVE-2022-36056
RESERVED
CVE-2022-36055 (Helm is a tool for managing Charts. Charts are packages of pre-configu ...)
@@ -10476,20 +10512,20 @@ CVE-2022-36046 (Next.js is a React framework that can provide building blocks to
NOT-FOR-US: Next.js
CVE-2022-36045 (NodeBB Forum Software is powered by Node.js and supports either Redis, ...)
NOT-FOR-US: NodeBB
-CVE-2022-36044
- RESERVED
-CVE-2022-36043
- RESERVED
-CVE-2022-36042
- RESERVED
-CVE-2022-36041
- RESERVED
-CVE-2022-36040
- RESERVED
-CVE-2022-36039
- RESERVED
-CVE-2022-36038
- RESERVED
+CVE-2022-36044 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
+ TODO: check
+CVE-2022-36043 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
+ TODO: check
+CVE-2022-36042 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
+ TODO: check
+CVE-2022-36041 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
+ TODO: check
+CVE-2022-36040 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
+ TODO: check
+CVE-2022-36039 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
+ TODO: check
+CVE-2022-36038 (CircuitVerse is an open-source platform which allows users to construc ...)
+ TODO: check
CVE-2022-36037 (kirby is a content management system (CMS) that adapts to many differe ...)
NOT-FOR-US: Kirby CMS
CVE-2022-36036 (mdx-mermaid provides plug and play access to Mermaid in MDX. There is ...)
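Review bot: CVE-2022-36044 through CVE-2022-36039 are six consecutive Rizin advisories sharing one truncated description, so they should be triaged together with the same package line and, if applicable, the same fixed version, instead of leaving six independent `TODO: check` lines that may later diverge.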
@@ -10504,8 +10540,8 @@ CVE-2022-36033 (jsoup is a Java HTML parser, built for HTML editing, cleaning, s
[buster] - jsoup <no-dsa> (Minor issue, preserveRelativeLinks option is disabled by default)
NOTE: https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369
NOTE: https://github.com/jhy/jsoup/commit/4ea768d96b3d232e63edef9594766d44597b3882 (jsoup-1.15.3)
-CVE-2022-36032
- RESERVED
+CVE-2022-36032 (ReactPHP HTTP is a streaming HTTP client and server implementation for ...)
+ TODO: check
CVE-2022-36031 (Directus is a free and open-source data platform for headless content ...)
NOT-FOR-US: Directus
CVE-2022-36030 (Project-nexus is a general-purpose blog website framework. Affected ve ...)
@@ -10714,8 +10750,8 @@ CVE-2022-35933 (This package is a PrestaShop module that allows users to post re
NOT-FOR-US: PrestaShop
CVE-2022-35932 (Nextcloud Talk is a video and audio conferencing app for Nextcloud. Pr ...)
NOT-FOR-US: Nextcloud Talk
-CVE-2022-35931
- RESERVED
+CVE-2022-35931 (Nextcloud Password Policy is an app that enables a Nextcloud server ad ...)
+ TODO: check
CVE-2022-35930 (PolicyController is a utility used to enforce supply chain policy in K ...)
NOT-FOR-US: sigstore/policy-controller
CVE-2022-35929 (cosign is a container signing and verification utility. In versions pr ...)
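Review bot: CVE-2022-35931 is a Nextcloud app (Password Policy); the adjacent Nextcloud Talk entry CVE-2022-35932 is already `NOT-FOR-US: Nextcloud Talk`, so this `TODO: check` should resolve to `NOT-FOR-US: Nextcloud Password Policy`.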
@@ -10750,8 +10786,8 @@ CVE-2022-35915 (OpenZeppelin Contracts is a library for secure smart contract de
NOT-FOR-US: OpenZeppelin
CVE-2022-35914
RESERVED
-CVE-2022-35913
- RESERVED
+CVE-2022-35913 (Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a ...)
+ TODO: check
CVE-2022-35912 (In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x b ...)
- grails <itp> (bug #473213)
CVE-2022-35911 (** DISPUTED ** On Patlite NH-FB series devices through 1.46, remote at ...)
@@ -20213,8 +20249,8 @@ CVE-2022-32278 (XFCE 4.16 allows attackers to execute arbitrary code because xdg
{DSA-5164-1 DLA-3056-1}
- exo 4.16.4-1 (bug #1013129)
NOTE: https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f (exo-4.16.4)
-CVE-2022-32277
- RESERVED
+CVE-2022-32277 (Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Refer ...)
+ TODO: check
CVE-2022-32276 (** DISPUTED ** Grafana 8.4.3 allows unauthenticated access via (for ex ...)
- grafana <removed>
CVE-2022-32275 (Grafana 8.4.3 allows reading files via (for example) a /dashboard/snap ...)
@@ -21570,14 +21606,14 @@ CVE-2022-1926 (Integer Overflow or Wraparound in GitHub repository polonel/trude
NOT-FOR-US: Trudesk
CVE-2022-31793 (do_request in request.c in muhttpd before 1.1.7 allows remote attacker ...)
NOT-FOR-US: Arris
-CVE-2022-31792
- RESERVED
-CVE-2022-31791
- RESERVED
+CVE-2022-31792 (A stored cross-site scripting (XSS) vulnerability exists in the manage ...)
+ TODO: check
+CVE-2022-31791 (WatchGuard Firebox and XTM appliances allow a local attacker (that has ...)
+ TODO: check
CVE-2022-31790 (WatchGuard Firebox and XTM appliances allow an unauthenticated remote ...)
NOT-FOR-US: WatchGuard Firebox and XTM appliances
-CVE-2022-31789
- RESERVED
+CVE-2022-31789 (An integer overflow in WatchGuard Firebox and XTM appliances allows an ...)
+ TODO: check
CVE-2022-31788 (IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccess ...)
NOT-FOR-US: IdeaLMS
CVE-2022-31787 (IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO ...)
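Review bot: CVE-2022-31791 and CVE-2022-31789 both concern WatchGuard Firebox and XTM appliances, and CVE-2022-31790 between them is already `NOT-FOR-US: WatchGuard Firebox and XTM appliances`; the two `TODO: check` lines should take that marker. CVE-2022-31792 (stored XSS in an unnamed management interface) still needs its full description read before it can be triaged.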
@@ -27405,14 +27441,14 @@ CVE-2022-26054 (Operation restriction bypass vulnerability in Link of Cybozu Gar
NOT-FOR-US: Cybozu
CVE-2022-26051 (Operation restriction bypass vulnerability in Portal of Cybozu Garoon ...)
NOT-FOR-US: Cybozu
-CVE-2022-1525
- RESERVED
+CVE-2022-1525 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (335 ...)
+ TODO: check
CVE-2022-1524 (LRM version 2.4 and lower does not implement TLS encryption. A malicio ...)
NOT-FOR-US: LRM
CVE-2022-1523
RESERVED
-CVE-2022-1522
- RESERVED
+CVE-2022-1522 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (335 ...)
+ TODO: check
CVE-2022-1521 (LRM does not implement authentication or authorization by default. A m ...)
NOT-FOR-US: LRM
CVE-2022-1520
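Review bot: CVE-2022-1525 and CVE-2022-1522 share the same Cognex 3D-A1000 firmware description, so both `TODO: check` lines should be resolved identically (a NOT-FOR-US marker naming the product, following the pattern of the LRM entries beside them); the CVE-2022-1368 entry later in this patch has the same description and should match.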
@@ -29211,8 +29247,8 @@ CVE-2022-1370 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) h
NOT-FOR-US: Delta Electronics
CVE-2022-1369 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
NOT-FOR-US: Delta Electronics
-CVE-2022-1368
- RESERVED
+CVE-2022-1368 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (335 ...)
+ TODO: check
CVE-2022-1367 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
NOT-FOR-US: Delta Electronics
CVE-2022-1366 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
@@ -34087,6 +34123,7 @@ CVE-2022-1050 (A flaw was found in the QEMU implementation of VMWare's paravirtu
[stretch] - qemu <not-affected> (rdma devices introduced in v2.12)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05197.html
CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The pcs da ...)
+ {DSA-5226-1}
- pcs 0.11.3-1
[buster] - pcs <no-dsa> (Minor issue)
[stretch] - pcs <not-affected> (Vulnerable code introduced later, ./pcs/daemon/ not present)
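Review bot: the `{DSA-5226-1}` reference added to CVE-2022-1049 matches the one added to CVE-2022-2735 earlier in this patch, so both pcs issues now point at the same advisory; the existing `[buster] - pcs <no-dsa>` and `[stretch] - pcs <not-affected>` lines are unchanged, which is correct as long as the DSA only covers the suite where 0.11.3-1 was shipped.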
@@ -36280,14 +36317,14 @@ CVE-2022-26863 (Prior Dell BIOS versions contain an Input Validation vulnerabili
NOT-FOR-US: Dell
CVE-2022-26862 (Prior Dell BIOS versions contain an Input Validation vulnerability. A ...)
NOT-FOR-US: Dell
-CVE-2022-26861
- RESERVED
-CVE-2022-26860
- RESERVED
-CVE-2022-26859
- RESERVED
-CVE-2022-26858
- RESERVED
+CVE-2022-26861 (Dell BIOS versions contain an Insecure Automated Optimization vulnerab ...)
+ TODO: check
+CVE-2022-26860 (Dell BIOS versions contain a stack-based buffer overflow vulnerability ...)
+ TODO: check
+CVE-2022-26859 (Dell BIOS contains a race condition vulnerability. A local attacker co ...)
+ TODO: check
+CVE-2022-26858 (Dell BIOS versions contain an Improper Authentication vulnerability. A ...)
+ TODO: check
CVE-2022-26857 (Dell OpenManage Enterprise Versions 3.8.3 and prior contain an imprope ...)
NOT-FOR-US: Dell OpenManage Enterprise
CVE-2022-26856 (Dell EMC Repository Manager version 3.4.0 contains a plain-text passwo ...)
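Review bot: CVE-2022-26861 through CVE-2022-26858 are all Dell BIOS issues, and the neighbouring CVE-2022-26863/26862 entries are `NOT-FOR-US: Dell`; the four `TODO: check` lines can be resolved to that marker in one pass.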
@@ -65480,7 +65517,8 @@ CVE-2022-20376 (In trusty_log_seq_start of trusty-log.c, there is a possible use
NOT-FOR-US: Android
CVE-2022-20375 (In LteRrcNrProAsnDecode of LteRrcNr_Codec.c, there is a possible out o ...)
NOT-FOR-US: Android
-CVE-2022-20374 (On specific devices, there is a possible bypass of configuration integ ...)
+CVE-2022-20374
+ REJECTED
NOT-FOR-US: Android
CVE-2022-20373 (In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible u ...)
NOT-FOR-US: Android
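Review bot: CVE-2022-20374 is now marked REJECTED, but the earlier `NOT-FOR-US: Android` triage line is kept underneath it; a rejected ID needs no package triage, so that line should be dropped (or the entry checked against how other REJECTED entries in this file are recorded) to avoid a misleading stale marker.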
@@ -150298,8 +150336,8 @@ CVE-2020-21518
RESERVED
CVE-2020-21517 (Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gour ...)
NOT-FOR-US: MetInfo
-CVE-2020-21516
- RESERVED
+CVE-2020-21516 (There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at t ...)
+ TODO: check
CVE-2020-21515
RESERVED
CVE-2020-21514
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/449e490898bc6f6f881a7a4b5c90046bc5db3f44