[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 12 21:10:31 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
065e552d by security tracker role at 2022-09-12T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,229 @@
+CVE-2022-40606
+	RESERVED
+CVE-2022-40605
+	RESERVED
+CVE-2022-40604
+	RESERVED
+CVE-2022-40603
+	RESERVED
+CVE-2022-40602
+	RESERVED
+CVE-2022-40601
+	RESERVED
+CVE-2022-40600
+	RESERVED
+CVE-2022-40599
+	RESERVED
+CVE-2022-40598
+	RESERVED
+CVE-2022-40597
+	RESERVED
+CVE-2022-40596
+	RESERVED
+CVE-2022-40595
+	RESERVED
+CVE-2022-40594
+	RESERVED
+CVE-2022-40593
+	RESERVED
+CVE-2022-40592
+	RESERVED
+CVE-2022-40591
+	RESERVED
+CVE-2022-40590
+	RESERVED
+CVE-2022-40589
+	RESERVED
+CVE-2022-40588
+	RESERVED
+CVE-2022-40587
+	RESERVED
+CVE-2022-40586
+	RESERVED
+CVE-2022-40585
+	RESERVED
+CVE-2022-40584
+	RESERVED
+CVE-2022-40583
+	RESERVED
+CVE-2022-40582
+	RESERVED
+CVE-2022-40581
+	RESERVED
+CVE-2022-40580
+	RESERVED
+CVE-2022-40579
+	RESERVED
+CVE-2022-40578
+	RESERVED
+CVE-2022-40577
+	RESERVED
+CVE-2022-40576
+	RESERVED
+CVE-2022-40575
+	RESERVED
+CVE-2022-40574
+	RESERVED
+CVE-2022-40573
+	RESERVED
+CVE-2022-40572
+	RESERVED
+CVE-2022-40571
+	RESERVED
+CVE-2022-40570
+	RESERVED
+CVE-2022-40569
+	RESERVED
+CVE-2022-40568
+	RESERVED
+CVE-2022-40567
+	RESERVED
+CVE-2022-40566
+	RESERVED
+CVE-2022-40565
+	RESERVED
+CVE-2022-40564
+	RESERVED
+CVE-2022-40563
+	RESERVED
+CVE-2022-40562
+	RESERVED
+CVE-2022-40561
+	RESERVED
+CVE-2022-40560
+	RESERVED
+CVE-2022-40559
+	RESERVED
+CVE-2022-40558
+	RESERVED
+CVE-2022-40557
+	RESERVED
+CVE-2022-40556
+	RESERVED
+CVE-2022-40555
+	RESERVED
+CVE-2022-40554
+	RESERVED
+CVE-2022-40553
+	RESERVED
+CVE-2022-40552
+	RESERVED
+CVE-2022-40551
+	RESERVED
+CVE-2022-40550
+	RESERVED
+CVE-2022-40549
+	RESERVED
+CVE-2022-40548
+	RESERVED
+CVE-2022-40547
+	RESERVED
+CVE-2022-40546
+	RESERVED
+CVE-2022-40545
+	RESERVED
+CVE-2022-40544
+	RESERVED
+CVE-2022-40543
+	RESERVED
+CVE-2022-40542
+	RESERVED
+CVE-2022-40541
+	RESERVED
+CVE-2022-40540
+	RESERVED
+CVE-2022-40539
+	RESERVED
+CVE-2022-40538
+	RESERVED
+CVE-2022-40537
+	RESERVED
+CVE-2022-40536
+	RESERVED
+CVE-2022-40535
+	RESERVED
+CVE-2022-40534
+	RESERVED
+CVE-2022-40533
+	RESERVED
+CVE-2022-40532
+	RESERVED
+CVE-2022-40531
+	RESERVED
+CVE-2022-40530
+	RESERVED
+CVE-2022-40529
+	RESERVED
+CVE-2022-40528
+	RESERVED
+CVE-2022-40527
+	RESERVED
+CVE-2022-40526
+	RESERVED
+CVE-2022-40525
+	RESERVED
+CVE-2022-40524
+	RESERVED
+CVE-2022-40523
+	RESERVED
+CVE-2022-40522
+	RESERVED
+CVE-2022-40521
+	RESERVED
+CVE-2022-40520
+	RESERVED
+CVE-2022-40519
+	RESERVED
+CVE-2022-40518
+	RESERVED
+CVE-2022-40517
+	RESERVED
+CVE-2022-40516
+	RESERVED
+CVE-2022-40515
+	RESERVED
+CVE-2022-40514
+	RESERVED
+CVE-2022-40513
+	RESERVED
+CVE-2022-40512
+	RESERVED
+CVE-2022-40511
+	RESERVED
+CVE-2022-40510
+	RESERVED
+CVE-2022-40509
+	RESERVED
+CVE-2022-40508
+	RESERVED
+CVE-2022-40507
+	RESERVED
+CVE-2022-40506
+	RESERVED
+CVE-2022-40505
+	RESERVED
+CVE-2022-40504
+	RESERVED
+CVE-2022-40503
+	RESERVED
+CVE-2022-40502
+	RESERVED
+CVE-2022-3181
+	RESERVED
+CVE-2022-3180
+	RESERVED
+CVE-2022-3179
+	RESERVED
+CVE-2022-3178 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...)
+	TODO: check
+CVE-2022-3177
+	RESERVED
+CVE-2022-3176
+	RESERVED
+CVE-2022-3175
+	RESERVED
+CVE-2022-3174
+	RESERVED
 CVE-2022-40501
 	RESERVED
 CVE-2022-40500
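Review bot: CVE-2022-3178 is the one entry in this block that arrives with a description (buffer over-read in gpac/gpac prior to 2.1.0-DEV), and it is left at `TODO: check`. It needs a manual triage line, either a package entry with a fixed version or a NOT-FOR-US, before the tracker can report a status for it. The surrounding additions are RESERVED placeholders and need no action yet.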
@@ -6702,8 +6928,8 @@ CVE-2022-37862
 	RESERVED
 CVE-2022-37861
 	RESERVED
-CVE-2022-37860
-	RESERVED
+CVE-2022-37860 (The web configuration interface of the TP-Link M7350 V3 with firmware  ...)
+	TODO: check
 CVE-2022-37859
 	RESERVED
 CVE-2022-37858
@@ -6752,8 +6978,8 @@ CVE-2022-37837
 	RESERVED
 CVE-2022-37836
 	RESERVED
-CVE-2022-37835
-	RESERVED
+CVE-2022-37835 (Torguard VPN 4.8, has a vulnerability that allows an attacker to dump  ...)
+	TODO: check
 CVE-2022-37834
 	RESERVED
 CVE-2022-37833
@@ -6828,8 +7054,8 @@ CVE-2022-37799 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack over
 	NOT-FOR-US: Tenda
 CVE-2022-37798 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
 	NOT-FOR-US: Tenda
-CVE-2022-37797
-	RESERVED
+CVE-2022-37797 (In lighttpd 1.4.65, mod_wstunnel does not initialize a handler functio ...)
+	TODO: check
 CVE-2022-37796 (In Simple Online Book Store System 1.0 in /admin_book.php the Title, A ...)
 	NOT-FOR-US: Simple Online Book Store System
 CVE-2022-37795
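Review bot: CVE-2022-37797 now names lighttpd 1.4.65 and mod_wstunnel but carries only `TODO: check`, while the neighbouring entries in this hunk are already resolved. Triage should add a package line in the form used for zlib and paramiko elsewhere in this diff, and should state whether versions other than 1.4.65 are affected, since the visible part of the description names only that version.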
@@ -6900,8 +7126,8 @@ CVE-2022-37768 (libjpeg commit 281daa9 was discovered to contain an infinite loo
 	NOTE: https://github.com/thorfdbg/libjpeg/issues/77
 	NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
 	NOTE: Hang in CLI tool, no security impact
-CVE-2022-37767
-	RESERVED
+CVE-2022-37767 (Pebble Templates 3.1.5 allows attackers to bypass a protection mechani ...)
+	TODO: check
 CVE-2022-37766
 	RESERVED
 CVE-2022-37765
@@ -6966,8 +7192,8 @@ CVE-2022-37736
 	RESERVED
 CVE-2022-37735
 	RESERVED
-CVE-2022-37734
-	RESERVED
+CVE-2022-37734 (graphql-java before19.0 is vulnerable to Denial of Service. An attacke ...)
+	TODO: check
 CVE-2022-37733
 	RESERVED
 CVE-2022-37732
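Review bot: The CVE-2022-37734 description reads "graphql-java before19.0", with the space missing, and it is cut off before the attack condition is stated. The text is imported and truncated, so the typo is not something to fix in this file, but whoever resolves the `TODO: check` should read the full record and not rely on this summary line.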
@@ -7662,7 +7888,7 @@ CVE-2022-2669
 CVE-2022-2668 (An issue was discovered in Keycloak that allows arbitrary Javascript t ...)
 	NOT-FOR-US: Keycloak
 CVE-2022-37434 (zlib through 1.2.12 has a heap-based buffer over-read or buffer overfl ...)
-	{DSA-5218-1}
+	{DSA-5218-1 DLA-3103-1}
 	- zlib 1:1.2.11.dfsg-4.1 (bug #1016710)
 	- libz-mingw-w64 1.2.12+dfsg-2
 	[bullseye] - libz-mingw-w64 <no-dsa> (Minor issue)
@@ -8159,8 +8385,8 @@ CVE-2022-37302
 	RESERVED
 CVE-2022-37301
 	RESERVED
-CVE-2022-37300
-	RESERVED
+CVE-2022-37300 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...)
+	TODO: check
 CVE-2022-2601
 	RESERVED
 CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set re ...)
@@ -24224,20 +24450,20 @@ CVE-2022-31228
 	RESERVED
 CVE-2022-31227
 	RESERVED
-CVE-2022-31226
-	RESERVED
-CVE-2022-31225
-	RESERVED
-CVE-2022-31224
-	RESERVED
-CVE-2022-31223
-	RESERVED
-CVE-2022-31222
-	RESERVED
-CVE-2022-31221
-	RESERVED
-CVE-2022-31220
-	RESERVED
+CVE-2022-31226 (Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability ...)
+	TODO: check
+CVE-2022-31225 (Dell BIOS versions contain an Unchecked Return Value vulnerability. A  ...)
+	TODO: check
+CVE-2022-31224 (Dell BIOS versions contain an Improper Protection Against Voltage and  ...)
+	TODO: check
+CVE-2022-31223 (Dell BIOS versions contain an Improper Neutralization of Null Byte vul ...)
+	TODO: check
+CVE-2022-31222 (Dell BIOS versions contain a Missing Release of Resource after Effecti ...)
+	TODO: check
+CVE-2022-31221 (Dell BIOS versions contain an Information Exposure vulnerability. A lo ...)
+	TODO: check
+CVE-2022-31220 (Dell BIOS versions contain an Unchecked Return Value vulnerability. A  ...)
+	TODO: check
 CVE-2022-31219 (Vulnerabilities in the Drive Composer allow a low privileged attacker  ...)
 	NOT-FOR-US: Drive Composer
 CVE-2022-31218 (Vulnerabilities in the Drive Composer allow a low privileged attacker  ...)
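Review bot: CVE-2022-31226 through CVE-2022-31220 all move from RESERVED to `TODO: check` with descriptions that begin "Dell BIOS versions contain ...". Because they share a vendor and component they can be triaged in one pass, and if they are judged out of scope the result should follow the `NOT-FOR-US: <name>` form used by the Drive Composer entries directly below.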
@@ -26026,8 +26252,8 @@ CVE-2022-1702 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlie
 	NOT-FOR-US: SonicWall
 CVE-2022-1701 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier ver ...)
 	NOT-FOR-US: SonicWall
-CVE-2022-1700
-	RESERVED
+CVE-2022-1700 (Improper Restriction of XML External Entity Reference ('XXE') vulnerab ...)
+	TODO: check
 CVE-2022-30616 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow  ...)
 	NOT-FOR-US: IBM
 CVE-2022-30615
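Review bot: The truncated description added for CVE-2022-1700 ("Improper Restriction of XML External Entity Reference ('XXE') vulnerab ...") stops before any product or vendor is named, so this entry cannot be triaged from the list file alone. The `TODO: check` should be resolved against the full CVE record, and the resulting line should name the product as the SonicWall and IBM entries around it do.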
@@ -44669,7 +44895,7 @@ CVE-2022-24303 (Pillow before 9.0.1 allows attackers to delete files because spa
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
 	NOTE: https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26 (9.0.1)
 CVE-2022-24302 (In Paramiko before 2.10.1, a race condition (between creation and chmo ...)
-	{DLA-2959-1}
+	{DLA-3104-1 DLA-2959-1}
 	- paramiko 2.10.3-1 (bug #1008012)
 	[bullseye] - paramiko <no-dsa> (Minor issue)
 	NOTE: https://github.com/paramiko/paramiko/commit/4c491e299c9b800358b16fa4886d8d94f45abe2e (2.10.1)
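Review bot: On CVE-2022-24302 the reference set becomes `{DLA-3104-1 DLA-2959-1}`, two DLAs for the same issue, and nothing in the hunk shows which release each one covers. It is worth confirming that DLA-3104-1 is a separate advisory for a different release and not a re-issue of DLA-2959-1. The unchanged `[bullseye] - paramiko <no-dsa> (Minor issue)` line stays consistent only if the new advisory does not target bullseye.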



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/065e552d598e13dc37007c8f77db9569a26ecf48
