[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 9 21:10:33 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aeeae369 by security tracker role at 2022-09-09T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2022-40318
+ RESERVED
+CVE-2022-40317 (OpenKM 6.3.11 allows stored XSS related to the javascript: s ...)
+ TODO: check
+CVE-2022-40316
+ RESERVED
+CVE-2022-40315
+ RESERVED
+CVE-2022-40314
+ RESERVED
+CVE-2022-40313
+ RESERVED
+CVE-2022-40309
+ RESERVED
+CVE-2022-40308
+ RESERVED
+CVE-2022-40199
+ RESERVED
+CVE-2022-38975
+ RESERVED
+CVE-2022-37346
+ RESERVED
+CVE-2022-3172
+ RESERVED
+CVE-2022-3171
+ RESERVED
+CVE-2022-3170
+ RESERVED
CVE-2022-40307 (An issue was discovered in the Linux kernel through 5.19.8. drivers/fi ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95
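Review bot: CVE-2022-40317 (OpenKM stored XSS) is the only non-RESERVED addition in this hunk and is left at `TODO: check`; it needs resolving to either a package line or a `NOT-FOR-US:` tag, the two forms the rest of this file uses. The adjacent kernel entry CVE-2022-40307 still carries `- linux <unfixed>` with a bare commit URL in its NOTE, while the other kernel NOTEs in this update record the release the fix landed in (compare `(5.18-rc1)` under CVE-2022-3078), so the tag should be added once the commit is in a tagged release.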
@@ -143,8 +171,8 @@ CVE-2022-40239
RESERVED
CVE-2022-40238
RESERVED
-CVE-2022-3169
- RESERVED
+CVE-2022-3169 (A flaw was found in the Linux kernel. A denial of service flaw may occ ...)
+ TODO: check
CVE-2022-3168
RESERVED
CVE-2019-25076 (The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.1 ...)
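Review bot: CVE-2022-3169 is described as a Linux kernel denial-of-service flaw, so `TODO: check` should become a `- linux` package line plus an upstream fix NOTE, in the form used for CVE-2022-2905 and CVE-2022-2964 elsewhere in this update. The truncated text does not name the affected subsystem, so the full description is needed before the entry can be filed.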
@@ -187,8 +215,8 @@ CVE-2022-40195
RESERVED
CVE-2022-40194
RESERVED
-CVE-2022-40191
- RESERVED
+CVE-2022-40191 (Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerab ...)
+ TODO: check
CVE-2022-40189
RESERVED
CVE-2022-40132
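Review bot: the wording of CVE-2022-40191, `Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) ...`, is the pattern this file resolves as `NOT-FOR-US: WordPress plugin` further down (see CVE-2022-36405), but the stored description is cut off before any product name, so confirm it is a WordPress plugin rather than applying the tag by pattern alone.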
@@ -203,8 +231,8 @@ CVE-2022-38470
RESERVED
CVE-2022-38460
RESERVED
-CVE-2022-38144
- RESERVED
+CVE-2022-38144 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpFor ...)
+ TODO: check
CVE-2022-38140
RESERVED
CVE-2022-38139
@@ -231,8 +259,8 @@ CVE-2022-36790
RESERVED
CVE-2022-36388
RESERVED
-CVE-2022-36356
- RESERVED
+CVE-2022-36356 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
CVE-2022-36340
RESERVED
CVE-2022-36299
@@ -384,18 +412,18 @@ CVE-2022-40139
RESERVED
CVE-2022-40138
RESERVED
-CVE-2022-40133
- RESERVED
-CVE-2022-38457
- RESERVED
-CVE-2022-38096
- RESERVED
+CVE-2022-40133 (A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf ...)
+ TODO: check
+CVE-2022-38457 (A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res ...)
+ TODO: check
+CVE-2022-38096 (A NULL pointer dereference vulnerability was found in vmwgfx driver in ...)
+ TODO: check
CVE-2022-36402
RESERVED
-CVE-2022-36280
- RESERVED
-CVE-2022-3147
- RESERVED
+CVE-2022-36280 (An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx ...)
+ TODO: check
+CVE-2022-3147 (Mattermost version 7.0.x and earlier fails to sufficiently limit the i ...)
+ TODO: check
CVE-2022-3146
RESERVED
CVE-2022-3145
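Review bot: CVE-2022-40133, CVE-2022-38457, CVE-2022-38096 and CVE-2022-36280 are all flaws in the kernel's vmwgfx driver (`vmw_execbuf`, `vmw_cmd_res`, NULL dereference, OOB access), so none of them should stay at `TODO: check`; each needs a `- linux` package line and a NOTE with the upstream fix, and they are best triaged together since the fixes will sit in the same driver. CVE-2022-3147 (Mattermost) is a separate product and needs its own check.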
@@ -999,14 +1027,14 @@ CVE-2022-39848
RESERVED
CVE-2022-39847
RESERVED
-CVE-2022-39846
- RESERVED
-CVE-2022-39845
- RESERVED
-CVE-2022-39844
- RESERVED
-CVE-2022-3133
- RESERVED
+CVE-2022-39846 (DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22 ...)
+ TODO: check
+CVE-2022-39845 (Improper validation of integrity check vulnerability in Samsung Kies p ...)
+ TODO: check
+CVE-2022-39844 (Improper validation of integrity check vulnerability in Smart Switch P ...)
+ TODO: check
+CVE-2022-3133 (OS Command Injection in GitHub repository jgraph/drawio prior to 20.3. ...)
+ TODO: check
CVE-2022-3132
RESERVED
CVE-2022-3131
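Review bot: CVE-2022-39846, CVE-2022-39845 and CVE-2022-39844 concern Samsung's Windows-side Smart Switch PC and Kies tools; this file already handles a sibling of the same kind, CVE-2022-36840 (Samsung Update Setup DLL hijacking), as `NOT-FOR-US: Samsung`, so these three can take the same tag. CVE-2022-3133 (OS command injection in jgraph/drawio) is a GitHub project, not a vendor product, and needs a real package check rather than the shortcut.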
@@ -1107,20 +1135,20 @@ CVE-2022-39812
RESERVED
CVE-2022-39811
RESERVED
-CVE-2022-39810
- RESERVED
-CVE-2022-39809
- RESERVED
-CVE-2022-38701
- RESERVED
-CVE-2022-38700
- RESERVED
-CVE-2022-38081
- RESERVED
-CVE-2022-38064
- RESERVED
-CVE-2022-36423
- RESERVED
+CVE-2022-39810 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflect ...)
+ TODO: check
+CVE-2022-39809 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflect ...)
+ TODO: check
+CVE-2022-38701 (OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerabili ...)
+ TODO: check
+CVE-2022-38700 (OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnera ...)
+ TODO: check
+CVE-2022-38081 (OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnera ...)
+ TODO: check
+CVE-2022-38064 (OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnera ...)
+ TODO: check
+CVE-2022-36423 (OpenHarmony-v3.1.2 and prior versions have an incorrect configuration ...)
+ TODO: check
CVE-2022-3120 (A vulnerability classified as critical was found in SourceCodester Cli ...)
NOT-FOR-US: SourceCodester Clinics Patient Management System
CVE-2022-3119
@@ -2597,8 +2625,8 @@ CVE-2022-39121
RESERVED
CVE-2022-39120
RESERVED
-CVE-2022-39119
- RESERVED
+CVE-2022-39119 (In network service, there is a missing permission check. This could le ...)
+ TODO: check
CVE-2022-39118
RESERVED
CVE-2022-39117
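Review bot: the stored description for CVE-2022-39119, `In network service, there is a missing permission check. This could le ...`, contains no vendor or product name at all, so the entry cannot be triaged from this file alone; the full advisory text has to be pulled before `TODO: check` is replaced.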
@@ -2690,8 +2718,8 @@ CVE-2022-3078 (An issue was discovered in the Linux kernel through 5.16-rc6. The
[bullseye] - linux 5.10.113-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e6a21a14106d9718aa4f8e115b1e474888eeba44 (5.18-rc1)
-CVE-2022-3077
- RESERVED
+CVE-2022-3077 (A buffer overflow vulnerability was found in the Linux kernel Intel ...)
+ TODO: check
CVE-2022-3076
RESERVED
CVE-2022-3075
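Review bot: CVE-2022-3077 is a Linux kernel buffer overflow (the description names an Intel driver before it is cut off), so `TODO: check` should become the same shape as the neighbouring CVE-2022-3078 entry: a `- linux` line, per-suite `[bullseye]`/`[buster]` status, and a NOTE citing the upstream commit with its release tag.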
@@ -3837,8 +3865,7 @@ CVE-2022-2966
RESERVED
CVE-2022-2965 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
NOT-FOR-US: NotrinosERP
-CVE-2022-2964
- RESERVED
+CVE-2022-2964 (A flaw was found in the Linux kernel’s driver for the ASIX AX881 ...)
- linux 5.16.10-1
[bullseye] - linux 5.10.103-1
[buster] - linux 4.19.232-1
@@ -4063,8 +4090,8 @@ CVE-2022-38641
RESERVED
CVE-2022-38640
RESERVED
-CVE-2022-38639
- RESERVED
+CVE-2022-38639 (A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 al ...)
+ TODO: check
CVE-2022-38638
RESERVED
CVE-2022-38637
@@ -4111,12 +4138,12 @@ CVE-2022-38617
RESERVED
CVE-2022-38616
RESERVED
-CVE-2022-38615
- RESERVED
-CVE-2022-38614
- RESERVED
-CVE-2022-38613
- RESERVED
+CVE-2022-38615 (SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL inject ...)
+ TODO: check
+CVE-2022-38614 (An issue in the IGB Files and OutfileService features of SmartVista Ca ...)
+ TODO: check
+CVE-2022-38613 (A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows au ...)
+ TODO: check
CVE-2022-38612
RESERVED
CVE-2022-38611
@@ -4525,8 +4552,7 @@ CVE-2022-2907
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2906
RESERVED
-CVE-2022-2905
- RESERVED
+CVE-2022-2905 (An out-of-bounds memory read flaw was found in the Linux kernel's BPF ...)
- linux 5.19.6-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/08/26/1
@@ -5174,36 +5200,36 @@ CVE-2022-38288
RESERVED
CVE-2022-38287
RESERVED
-CVE-2022-38286
- RESERVED
-CVE-2022-38285
- RESERVED
-CVE-2022-38284
- RESERVED
-CVE-2022-38283
- RESERVED
-CVE-2022-38282
- RESERVED
-CVE-2022-38281
- RESERVED
-CVE-2022-38280
- RESERVED
-CVE-2022-38279
- RESERVED
-CVE-2022-38278
- RESERVED
-CVE-2022-38277
- RESERVED
-CVE-2022-38276
- RESERVED
-CVE-2022-38275
- RESERVED
-CVE-2022-38274
- RESERVED
-CVE-2022-38273
- RESERVED
-CVE-2022-38272
- RESERVED
+CVE-2022-38286 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list. ...)
+ TODO: check
+CVE-2022-38285 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list. ...)
+ TODO: check
+CVE-2022-38284 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department ...)
+ TODO: check
+CVE-2022-38283 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list. ...)
+ TODO: check
+CVE-2022-38282 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/ ...)
+ TODO: check
+CVE-2022-38281 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list. ...)
+ TODO: check
+CVE-2022-38280 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list. ...)
+ TODO: check
+CVE-2022-38279 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/ ...)
+ TODO: check
+CVE-2022-38278 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylin ...)
+ TODO: check
+CVE-2022-38277 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollp ...)
+ TODO: check
+CVE-2022-38276 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotic ...)
+ TODO: check
+CVE-2022-38275 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/lis ...)
+ TODO: check
+CVE-2022-38274 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/lis ...)
+ TODO: check
+CVE-2022-38273 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/lis ...)
+ TODO: check
+CVE-2022-38272 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/lis ...)
+ TODO: check
CVE-2022-38271
RESERVED
CVE-2022-38270
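Review bot: CVE-2022-38273 and CVE-2022-38272 both read `... SQL Injection via /admin/article/lis ...` and are identical up to the truncation point, so the stored text cannot distinguish them; the full descriptions (which presumably differ in endpoint or parameter) are needed before either is closed. The whole run of fifteen JFinal CMS 5.1.0 entries should be triaged as one batch so they get a consistent tag.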
@@ -5717,36 +5743,36 @@ CVE-2022-38107
RESERVED
CVE-2022-38106
RESERVED
-CVE-2022-38093
- RESERVED
-CVE-2022-38070
- RESERVED
-CVE-2022-38068
- RESERVED
-CVE-2022-38067
- RESERVED
+CVE-2022-38093 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in O ...)
+ TODO: check
+CVE-2022-38070 (Privilege Escalation (subscriber+) vulnerability in Pop-up plugin < ...)
+ TODO: check
+CVE-2022-38068 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
+CVE-2022-38067 (Unauthenticated Event Deletion vulnerability in Totalsoft Event Calend ...)
+ TODO: check
CVE-2022-38062
RESERVED
CVE-2022-38061
RESERVED
-CVE-2022-38059
- RESERVED
-CVE-2022-38058
- RESERVED
+CVE-2022-38059 (Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's A ...)
+ TODO: check
+CVE-2022-38058 (Authenticated (subscriber+) Plugin Setting change vulnerability in WP ...)
+ TODO: check
CVE-2022-38054 (In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserv ...)
- airflow <itp> (bug #819700)
-CVE-2022-37412
- RESERVED
-CVE-2022-37411
- RESERVED
-CVE-2022-37407
- RESERVED
-CVE-2022-37405
- RESERVED
-CVE-2022-37404
- RESERVED
-CVE-2022-37403
- RESERVED
+CVE-2022-37412 (Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerabil ...)
+ TODO: check
+CVE-2022-37411 (Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Cap ...)
+ TODO: check
+CVE-2022-37407 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
+ TODO: check
+CVE-2022-37405 (Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better ...)
+ TODO: check
+CVE-2022-37404 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
+CVE-2022-37403 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
CVE-2022-37402
RESERVED
CVE-2022-37344 (Missing Access Control vulnerability in PHP Crafts Accommodation Syste ...)
@@ -5755,8 +5781,8 @@ CVE-2022-37339
RESERVED
CVE-2022-37338
RESERVED
-CVE-2022-37335
- RESERVED
+CVE-2022-37335 (Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
+ TODO: check
CVE-2022-37330
RESERVED
CVE-2022-37328
@@ -5765,8 +5791,8 @@ CVE-2022-36798
RESERVED
CVE-2022-36796 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-36793
- RESERVED
+CVE-2022-36793 (Unauthenticated Plugin Settings Change & Data Deletion vulnerabili ...)
+ TODO: check
CVE-2022-36791
RESERVED
CVE-2022-36428
@@ -5775,8 +5801,8 @@ CVE-2022-36427 (Missing Access Control vulnerability in About Rentals. Inc. Abou
NOT-FOR-US: WordPress plugin
CVE-2022-36425 (Broken Access Control vulnerability in Beaver Builder plugin <= 2.5 ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-36422
- RESERVED
+CVE-2022-36422 (Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP ...)
+ TODO: check
CVE-2022-36405 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36394 (Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest ...)
@@ -5787,8 +5813,8 @@ CVE-2022-36387 (Broken Access Control vulnerability in Alessio Caiazza's About M
NOT-FOR-US: WordPress plugin
CVE-2022-36383
RESERVED
-CVE-2022-36376
- RESERVED
+CVE-2022-36376 (Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plug ...)
+ TODO: check
CVE-2022-36373 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Wa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36365
@@ -5805,12 +5831,12 @@ CVE-2022-36345
RESERVED
CVE-2022-35726 (Broken Authentication vulnerability in yotuwp Video Gallery plugin < ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-35725
- RESERVED
-CVE-2022-35277
- RESERVED
-CVE-2022-35275
- RESERVED
+CVE-2022-35725 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
+CVE-2022-35277 (Cross-Site Request Forgery (CSRF) vulnerability in GetResponse plugin ...)
+ TODO: check
+CVE-2022-35275 (Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vul ...)
+ TODO: check
CVE-2022-35242 (Unauthenticated plugin settings change vulnerability in 59sec THE Lead ...)
NOT-FOR-US: WordPress plugin
CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThe ...)
@@ -7770,8 +7796,8 @@ CVE-2022-2594 (The Advanced Custom Fields WordPress plugin before 5.12.3, Advanc
NOT-FOR-US: WordPress plugin
CVE-2022-2593 (The Better Search Replace WordPress plugin before 1.4.1 does not prope ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-37299
- RESERVED
+CVE-2022-37299 (An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal ...)
+ TODO: check
CVE-2022-37298
RESERVED
CVE-2022-37297
@@ -8828,82 +8854,82 @@ CVE-2022-36879 (An issue was discovered in the Linux kernel through 5.18.14. xfr
{DSA-5207-1}
- linux 5.18.16-1
NOTE: https://git.kernel.org/linus/f85daf0e725358be78dfd208dea5fd665d8cb901 (v5.19-rc8)
-CVE-2022-36878
- RESERVED
-CVE-2022-36877
- RESERVED
-CVE-2022-36876
- RESERVED
-CVE-2022-36875
- RESERVED
-CVE-2022-36874
- RESERVED
-CVE-2022-36873
- RESERVED
-CVE-2022-36872
- RESERVED
-CVE-2022-36871
- RESERVED
-CVE-2022-36870
- RESERVED
-CVE-2022-36869
- RESERVED
+CVE-2022-36878 (Exposure of Sensitive Information in Find My Mobile prior to version 7 ...)
+ TODO: check
+CVE-2022-36877 (Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsun ...)
+ TODO: check
+CVE-2022-36876 (Improper authorization in UPI payment in Samsung Pass prior to version ...)
+ TODO: check
+CVE-2022-36875 (Improper restriction of broadcasting Intent in SaWebViewRelayActivity ...)
+ TODO: check
+CVE-2022-36874 (Improper Handling of Insufficient Permissions or Privileges vulnerabil ...)
+ TODO: check
+CVE-2022-36873 (Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLi ...)
+ TODO: check
+CVE-2022-36872 (Pending Intent hijacking vulnerability in SpayNotification in Samsung ...)
+ TODO: check
+CVE-2022-36871 (Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung P ...)
+ TODO: check
+CVE-2022-36870 (Pending Intent hijacking vulnerability in MTransferNotificationManager ...)
+ TODO: check
+CVE-2022-36869 (Improper access control vulnerability in ContactsDumpActivity of?Conta ...)
+ TODO: check
CVE-2022-36868
RESERVED
-CVE-2022-36867
- RESERVED
-CVE-2022-36866
- RESERVED
-CVE-2022-36865
- RESERVED
-CVE-2022-36864
- RESERVED
-CVE-2022-36863
- RESERVED
-CVE-2022-36862
- RESERVED
-CVE-2022-36861
- RESERVED
-CVE-2022-36860
- RESERVED
-CVE-2022-36859
- RESERVED
-CVE-2022-36858
- RESERVED
-CVE-2022-36857
- RESERVED
-CVE-2022-36856
- RESERVED
-CVE-2022-36855
- RESERVED
-CVE-2022-36854
- RESERVED
-CVE-2022-36853
- RESERVED
-CVE-2022-36852
- RESERVED
-CVE-2022-36851
- RESERVED
-CVE-2022-36850
- RESERVED
-CVE-2022-36849
- RESERVED
-CVE-2022-36848
- RESERVED
-CVE-2022-36847
- RESERVED
-CVE-2022-36846
- RESERVED
-CVE-2022-36845
- RESERVED
-CVE-2022-36844
- RESERVED
-CVE-2022-36843
- RESERVED
-CVE-2022-36842
- RESERVED
-CVE-2022-36841
- RESERVED
+CVE-2022-36867 (Improper access control vulnerability in Editor Lite prior to version ...)
+ TODO: check
+CVE-2022-36866 (Improper access control vulnerability in Broadcaster in Group Sharing ...)
+ TODO: check
+CVE-2022-36865 (Improper access control in Group Sharing prior to versions 13.0.6.15 i ...)
+ TODO: check
+CVE-2022-36864 (Improper access control and intent redirection in Samsung Email prior ...)
+ TODO: check
+CVE-2022-36863 (A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc f ...)
+ TODO: check
+CVE-2022-36862 (A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct ...)
+ TODO: check
+CVE-2022-36861 (Custom permission misuse vulnerability in SystemUI prior to SMR Sep-20 ...)
+ TODO: check
+CVE-2022-36860 (A heap-based overflow vulnerability in LoadEnvironment function in lib ...)
+ TODO: check
+CVE-2022-36859 (Improper input validation vulnerability in SmartTagPlugin prior to ver ...)
+ TODO: check
+CVE-2022-36858 (A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() ...)
+ TODO: check
+CVE-2022-36857 (Improper Authorization vulnerability in Photo Editor prior to SMR Sep- ...)
+ TODO: check
+CVE-2022-36856 (Improper access control vulnerability in Telecom application prior to ...)
+ TODO: check
+CVE-2022-36855 (A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 ...)
+ TODO: check
+CVE-2022-36854 (Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 ...)
+ TODO: check
+CVE-2022-36853 (Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 all ...)
+ TODO: check
+CVE-2022-36852 (Improper Authorization vulnerability in Video Editor prior to SMR Sep- ...)
+ TODO: check
+CVE-2022-36851 (Improper access control vulnerability in Samsung pass prior to version ...)
+ TODO: check
+CVE-2022-36850 (Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 R ...)
+ TODO: check
+CVE-2022-36849 (Use after free vulnerability in sdp_mm_set_process_sensitive function ...)
+ TODO: check
+CVE-2022-36848 (Improper Authorization vulnerability in setDualDARPolicyCmd prior to S ...)
+ TODO: check
+CVE-2022-36847 (Use after free vulnerability in mtp_send_signal function of MTP driver ...)
+ TODO: check
+CVE-2022-36846 (A heap-based overflow vulnerability in ConstructDictionary function in ...)
+ TODO: check
+CVE-2022-36845 (A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in ...)
+ TODO: check
+CVE-2022-36844 (A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() ...)
+ TODO: check
+CVE-2022-36843 (A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in ...)
+ TODO: check
+CVE-2022-36842 (A heap-based overflow vulnerability in prepareRecogLibrary function in ...)
+ TODO: check
+CVE-2022-36841 (A heap-based overflow vulnerability in PrepareRecogLibrary_Part functi ...)
+ TODO: check
CVE-2022-36840 (DLL hijacking vulnerability in Samsung Update Setup prior to version 2 ...)
NOT-FOR-US: Samsung
CVE-2022-36839 (SQL injection vulnerability via IAPService in Samsung Checkout prior t ...)
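Review bot: the 37 new Samsung entries (SMR Sep-2022 components, libHWR heap overflows, iva_ctl/MTP/sdp_mm driver UAFs, Samsung Pass, Group Sharing, Photo Editor, and so on) are of the same kind as CVE-2022-36840 and CVE-2022-36839 at the bottom of the hunk, which are already tagged `NOT-FOR-US: Samsung`; they can be resolved in one pass. Separately, the description of CVE-2022-36869 contains a mangled character, `of?Conta ...`, where the feed text evidently had a non-ASCII space; re-fetch that description rather than leaving the stray `?` in the file.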
@@ -9361,8 +9387,8 @@ CVE-2022-36619 (In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset wit
NOT-FOR-US: D-link
CVE-2022-36618
RESERVED
-CVE-2022-36617
- RESERVED
+CVE-2022-36617 (Arq Backup 7.19.5.0 and below stores backup encryption passwords using ...)
+ TODO: check
CVE-2022-36616 (TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was di ...)
NOT-FOR-US: TOTOLINK
CVE-2022-36615 (TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a h ...)
@@ -9738,8 +9764,8 @@ CVE-2022-2530
RESERVED
CVE-2022-2529
RESERVED
-CVE-2022-2528
- RESERVED
+CVE-2022-2528 (In affected versions of Octopus Deploy it is possible to upload a pack ...)
+ TODO: check
CVE-2022-36439
RESERVED
CVE-2022-36438
@@ -9773,8 +9799,7 @@ CVE-2021-46829 (GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-bas
NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/6976bdc8ee9dd2c2954f91066f7b0f643769a379 (2.42.8)
NOTE: https://www.openwall.com/lists/oss-security/2022/07/23/1
NOTE: http://www.openwall.com/lists/oss-security/2022/07/25/1
-CVE-2022-2526 [use-after-free when dealing with DnsStream in resolved-dns-stream.c]
- RESERVED
+CVE-2022-2526 (A use-after-free vulnerability was found in systemd. This issue occurs ...)
- systemd 240-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2109926
NOTE: https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c (v240)
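Review bot: swapping the bracketed working title for the official text drops the only place this entry named `resolved-dns-stream.c` / DnsStream, and the truncated official text stops at `This issue occurs`. The status itself is unaffected (`- systemd 240-1` with the commit tagged `(v240)` in the NOTE), but keeping the component name in a NOTE would preserve searchability.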
@@ -10775,8 +10800,8 @@ CVE-2022-36111
RESERVED
CVE-2022-36110
RESERVED
-CVE-2022-36109
- RESERVED
+CVE-2022-36109 (Moby is an open-source project created by Docker to enable software co ...)
+ TODO: check
CVE-2022-36108
RESERVED
CVE-2022-36107
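Review bot: CVE-2022-36109 is a Moby (Docker engine) issue, not a vendor web application like most of the other `TODO: check` entries in this update, so the `NOT-FOR-US` shortcut should not be assumed; identify the Debian package built from Moby and record a proper package line and upstream reference.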
@@ -15950,8 +15975,8 @@ CVE-2022-34167 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored c
NOT-FOR-US: IBM
CVE-2022-34166 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scr ...)
NOT-FOR-US: IBM
-CVE-2022-34165
- RESERVED
+CVE-2022-34165 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSph ...)
+ TODO: check
CVE-2022-34164 (IBM CICS TX 11.1 could allow a local user to impersonate another legit ...)
NOT-FOR-US: IBM
CVE-2022-34163 (IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by imp ...)
@@ -30321,8 +30346,8 @@ CVE-2022-29063 (The Solr plugin of Apache OFBiz is configured by default to auto
NOT-FOR-US: Apache OFBiz
CVE-2022-29062 (Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet ...)
NOT-FOR-US: FortiGuard
-CVE-2022-29061
- RESERVED
+CVE-2022-29061 (An improper neutralization of special elements used in an OS command ( ...)
+ TODO: check
CVE-2022-29060 (A use of hard-coded cryptographic key vulnerability [CWE-321] in Forti ...)
NOT-FOR-US: Fortinet
CVE-2022-29059
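Review bot: CVE-2022-29061 (OS command injection) sits between two Fortinet entries whose tags disagree, `NOT-FOR-US: FortiGuard` on CVE-2022-29062 and `NOT-FOR-US: Fortinet` on CVE-2022-29060; when the `TODO: check` is resolved, pick one spelling (the vendor name, `Fortinet`) and align the neighbour so the three entries are consistent.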
@@ -31112,12 +31137,12 @@ CVE-2022-28744
RESERVED
CVE-2022-28743 (Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Fosc ...)
NOT-FOR-US: Foscam R2C IP camera
-CVE-2022-28742
- RESERVED
-CVE-2022-28741
- RESERVED
-CVE-2022-28740
- RESERVED
+CVE-2022-28742 (aEnrich eHRD Learning Management Key Performance Indicator System 5+ h ...)
+ TODO: check
+CVE-2022-28741 (aEnrich a+HRD 5.x Learning Management Key Performance Indicator System ...)
+ TODO: check
+CVE-2022-28740 (aEnrich eHRD Learning Management Key Performance Indicator System 5+ e ...)
+ TODO: check
CVE-2022-28739 (There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, ...)
- ruby3.0 3.0.4-1 (bug #1009956)
- ruby2.7 <removed> (bug #1009957)
@@ -37995,16 +38020,16 @@ CVE-2022-26396
RESERVED
CVE-2022-26395
RESERVED
-CVE-2022-26394
- RESERVED
-CVE-2022-26393
- RESERVED
-CVE-2022-26392
- RESERVED
+CVE-2022-26394 (The Baxter Spectrum WBM does not perform mutual authentication with th ...)
+ TODO: check
+CVE-2022-26393 (The Baxter Spectrum WBM is susceptible to format string attacks via ap ...)
+ TODO: check
+CVE-2022-26392 (The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v1 ...)
+ TODO: check
CVE-2022-26391
RESERVED
-CVE-2022-26390
- RESERVED
+CVE-2022-26390 (The Baxter Spectrum Wireless Battery Module (WBM) stores network crede ...)
+ TODO: check
CVE-2022-26389
RESERVED
CVE-2022-26388
@@ -55410,7 +55435,7 @@ CVE-2022-21943
RESERVED
CVE-2022-21942
RESERVED
-CVE-2022-21941 (All versions of iSTAR Ultra prior to version 6.8.9.CU01are vulnerable ...)
+CVE-2022-21941 (All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable ...)
NOT-FOR-US: Sensormatic Electronics, LLC
CVE-2022-21940
RESERVED
@@ -56425,8 +56450,8 @@ CVE-2021-44837 (An issue was discovered in Delta RM 1.2. It is possible for an u
NOT-FOR-US: Delta RM
CVE-2021-44836 (An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/r ...)
NOT-FOR-US: Delta RM
-CVE-2021-44835
- RESERVED
+CVE-2021-44835 (An issue was discovered in Active Intelligent Visualization 5. The Vdc ...)
+ TODO: check
CVE-2021-44834
RESERVED
CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
@@ -71493,10 +71518,10 @@ CVE-2021-40650 (In Connx Version 6.2.0.1269 (20210623), a cookie can be issued b
NOT-FOR-US: Connx
CVE-2021-40649 (In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the ...)
NOT-FOR-US: Connx
-CVE-2021-40648
- RESERVED
-CVE-2021-40647
- RESERVED
+CVE-2021-40648 (In man2html 1.6g, a filename can be created to overwrite the previous ...)
+ TODO: check
+CVE-2021-40647 (In man2html 1.6g, a specific string being read in from a file will ove ...)
+ TODO: check
CVE-2021-40646
RESERVED
CVE-2021-40645 (An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/ ...)
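Review bot: CVE-2021-40648 and CVE-2021-40647 name `man2html 1.6g`, a standalone command-line tool rather than a vendor product, so these two should be checked against the Debian archive for a package of that name and version before `TODO: check` is replaced; if it is shipped, they need `- man2html` package lines and upstream references, not a `NOT-FOR-US` tag.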
@@ -97094,7 +97119,7 @@ CVE-2021-30561 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 all
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30560 (Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...)
- {DSA-5216-1}
+ {DSA-5216-1 DLA-3101-1}
- chromium 93.0.4577.82-1 (bug #990079)
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
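Review bot: DLA-3101-1 is added here even though the visible package lines for CVE-2021-30560 only list chromium, with buster and stretch both `<end-of-life>`. The same DLA is attached to CVE-2019-5815 further down, where the entry carries a `- libxslt` line, so the DLA presumably covers libxslt; verify that this entry also has a libxslt package line below the context shown, otherwise the DLA reference points at a package the entry does not track.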
@@ -178362,8 +178387,7 @@ CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph versions
NOTE: https://ceph.io/releases/v15-2-2-octopus-released/
NOTE: https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868 (master)
NOTE: https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2 (v15.2.2)
-CVE-2020-10735
- RESERVED
+CVE-2020-10735 (A flaw was found in python. In algorithms with quadratic time complexi ...)
- python3.11 <unfixed>
- python3.10 <unfixed>
- python3.9 <unfixed>
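Review bot: the hunk only replaces `RESERVED` with the description, leaving python3.11, python3.10 and python3.9 all at `<unfixed>` with no upstream reference within the visible lines; the other entries in this update that gained a description (CVE-2022-2526, CVE-2022-2905) carry a NOTE pointing at the fix or the disclosure, and this one should too.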
@@ -246716,7 +246740,7 @@ CVE-2019-5817 (Heap buffer overflow in ANGLE in Google Chrome on Windows prior t
CVE-2019-5816 (Process lifetime issue in Chrome in Google Chrome on Android prior to ...)
- chromium <not-affected> (Android-specific issue)
CVE-2019-5815 (Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1. ...)
- {DSA-4500-1}
+ {DSA-4500-1 DLA-3101-1}
- chromium 74.0.3729.108-1
[stretch] - chromium <end-of-life> (see DSA 4562)
- libxslt 1.1.34-2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aeeae369f8e37b33bcc20d91ae51bc2f62c56614