[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 13 21:10:40 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
019fee87 by security tracker role at 2022-09-13T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2022-40635 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
+ TODO: check
+CVE-2022-40634 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
+ TODO: check
+CVE-2022-40631
+ RESERVED
+CVE-2022-38097
+ RESERVED
+CVE-2022-37332
+ RESERVED
+CVE-2022-32774
+ RESERVED
+CVE-2022-3209
+ RESERVED
+CVE-2022-3208
+ RESERVED
+CVE-2022-3207
+ RESERVED
+CVE-2022-3206
+ RESERVED
+CVE-2022-3205
+ RESERVED
+CVE-2022-3204
+ RESERVED
+CVE-2022-3203
+ RESERVED
+CVE-2022-3202
+ RESERVED
+CVE-2022-3201
+ RESERVED
+CVE-2022-3200
+ RESERVED
+CVE-2022-3199
+ RESERVED
+CVE-2022-3198
+ RESERVED
+CVE-2022-3197
+ RESERVED
+CVE-2022-3196
+ RESERVED
+CVE-2022-3195
+ RESERVED
+CVE-2022-3194
+ RESERVED
+CVE-2022-3193
+ RESERVED
CVE-2022-40630
RESERVED
CVE-2022-40629
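Review bot: the two non-RESERVED additions at the top of this hunk, CVE-2022-40635 and CVE-2022-40634, are both truncated before the affected product is named ("Improper Control of Dynamically-Managed Code Resources vulnerability i ..."), so their TODO: check cannot be resolved from this list alone; whoever picks them up needs the full upstream text to decide between a source-package line and NOT-FOR-US, and the entry should then record which product it was.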
@@ -50,8 +96,8 @@ CVE-2022-3192
RESERVED
CVE-2022-3191
RESERVED
-CVE-2022-3190
- RESERVED
+CVE-2022-3190 (Infinite loop in the F5 Ethernet Trailer protocol dissector in Wiresha ...)
+ TODO: check
CVE-2022-3189
RESERVED
CVE-2022-3188
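Review bot: CVE-2022-3190 is left at TODO: check even though the description already pins the affected code to a Wireshark protocol dissector (infinite loop in the F5 Ethernet Trailer dissector); unlike the vendor-only entries in the rest of this update this is a genuine package-triage item, so it should get a wireshark source line with the fixed upstream version, or a <not-affected> with a stated reason, rather than stay in the TODO queue.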
@@ -282,8 +328,8 @@ CVE-2022-3181
RESERVED
CVE-2022-3180
RESERVED
-CVE-2022-3179
- RESERVED
+CVE-2022-3179 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
+ TODO: check
CVE-2022-3178 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...)
- gpac <not-affected> (Fix for CVE-2022-30976 not applied)
NOTE: https://huntr.dev/bounties/f022fc50-3dfd-450a-ab47-3d75d2bf44c0
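Review bot: CVE-2022-3179 (Weak Password Requirements in ikus060/rdiffweb) is tagged TODO: check; rdiffweb is a candidate for a real Debian source-package assessment rather than a NOT-FOR-US close-out, so the check should end with the affected and fixed rdiffweb versions on the entry. The unchanged CVE-2022-3178 context just below carries gpac <not-affected> (Fix for CVE-2022-30976 not applied), which makes this assessment conditional on another CVE's state in the package: if the CVE-2022-30976 fix is ever backported to gpac, CVE-2022-3178 comes back into scope, and a NOTE saying so on that entry would keep the dependency from being forgotten.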
@@ -293,10 +339,10 @@ CVE-2022-3177
RESERVED
CVE-2022-3176
RESERVED
-CVE-2022-3175
- RESERVED
-CVE-2022-3174
- RESERVED
+CVE-2022-3175 (Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior ...)
+ TODO: check
+CVE-2022-3174 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
+ TODO: check
CVE-2022-40501
RESERVED
CVE-2022-40500
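Review bot: CVE-2022-3175 and CVE-2022-3174 come from the same ikus060/rdiffweb batch as CVE-2022-3179 in the previous hunk and should be assessed together against the same rdiffweb version range rather than as three separate TODO: check items; of the two, CVE-2022-3174 (session cookie sent over HTTPS without the Secure attribute) has a concrete security effect and should get a fixed-version line, while CVE-2022-3175 (missing custom error page) needs the upstream advisory read before deciding whether it merits tracking as a security issue at all.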
@@ -694,8 +740,7 @@ CVE-2022-3172
RESERVED
CVE-2022-3171
RESERVED
-CVE-2022-3170
- RESERVED
+CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel sound subs ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125879
NOTE: https://git.kernel.org/linus/6ab55ec0a938c7f943a4edba3d6514f775983887 (6.0-rc4)
@@ -915,8 +960,8 @@ CVE-2022-38144 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team
NOT-FOR-US: WordPress plugin
CVE-2022-38140
RESERVED
-CVE-2022-38139
- RESERVED
+CVE-2022-38139 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Stati ...)
+ TODO: check
CVE-2022-38137
RESERVED
CVE-2022-38135 (Broken Access Control vulnerability in Dean Oakley's Photospace Galler ...)
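Review bot: CVE-2022-38139 stays at TODO: check, but its description ("Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Stati ...") is cut off before the product; the neighbouring CVE-2022-38144 in the same numbering block is already closed as NOT-FOR-US: WordPress plugin, so confirm whether RD Station is likewise a WordPress plugin and, if so, close this entry the same way instead of leaving a placeholder.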
@@ -1848,12 +1893,12 @@ CVE-2022-39803
RESERVED
CVE-2022-39802
RESERVED
-CVE-2022-39801
- RESERVED
+CVE-2022-39801 (SAP GRC Access control Emergency Access Management allows an authentic ...)
+ TODO: check
CVE-2022-39800
RESERVED
-CVE-2022-39799
- RESERVED
+CVE-2022-39799 (An attacker with no prior authentication could craft and send maliciou ...)
+ TODO: check
CVE-2022-3117
RESERVED
CVE-2022-3116
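Review bot: CVE-2022-39801's description names SAP GRC Access Control, and this file already closes SAP advisories as NOT-FOR-US: SAP (see CVE-2022-35293 further down), so that one can be closed directly; CVE-2022-39799's description ("An attacker with no prior authentication could craft and send maliciou ...") is cut before any product is named, so check whether it belongs to the same SAP batch before giving it the same treatment.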
@@ -3070,20 +3115,20 @@ CVE-2022-39210
RESERVED
CVE-2022-39209
RESERVED
-CVE-2022-39208
- RESERVED
-CVE-2022-39207
- RESERVED
-CVE-2022-39206
- RESERVED
-CVE-2022-39205
- RESERVED
+CVE-2022-39208 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...)
+ TODO: check
+CVE-2022-39207 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...)
+ TODO: check
+CVE-2022-39206 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...)
+ TODO: check
+CVE-2022-39205 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...)
+ TODO: check
CVE-2022-39204
RESERVED
-CVE-2022-39203
- RESERVED
-CVE-2022-39202
- RESERVED
+CVE-2022-39203 (matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. ...)
+ TODO: check
+CVE-2022-39202 (matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. ...)
+ TODO: check
CVE-2022-39201
RESERVED
CVE-2022-39200 (Dendrite is a Matrix homeserver written in Go. In affected versions ev ...)
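Review bot: the four Onedev entries (CVE-2022-39205 to CVE-2022-39208) and the two matrix-appservice-irc entries (CVE-2022-39202 and CVE-2022-39203) all truncate inside the project blurb, so nothing in this list distinguishes one advisory from the next; when the TODO: check is resolved, the entry should carry the specific issue from each upstream advisory, and the matrix-appservice-irc pair belongs with the Dendrite entry CVE-2022-39200 directly below as one Matrix-ecosystem batch to assess against whatever of that ecosystem Debian ships.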
@@ -3228,50 +3273,50 @@ CVE-2022-39188 (An issue was discovered in include/asm-generic/tlb.h in the Linu
NOTE: https://git.kernel.org/linus/b67fbebd4cf980aecbcc750e1462128bffe8ae15
CVE-2022-39159
RESERVED
-CVE-2022-39158
- RESERVED
+CVE-2022-39158 (A vulnerability has been identified in RUGGEDCOM ROS RMC8388 (All vers ...)
+ TODO: check
CVE-2022-39157
RESERVED
-CVE-2022-39156
- RESERVED
-CVE-2022-39155
- RESERVED
-CVE-2022-39154
- RESERVED
-CVE-2022-39153
- RESERVED
-CVE-2022-39152
- RESERVED
-CVE-2022-39151
- RESERVED
-CVE-2022-39150
- RESERVED
-CVE-2022-39149
- RESERVED
-CVE-2022-39148
- RESERVED
-CVE-2022-39147
- RESERVED
-CVE-2022-39146
- RESERVED
-CVE-2022-39145
- RESERVED
-CVE-2022-39144
- RESERVED
-CVE-2022-39143
- RESERVED
-CVE-2022-39142
- RESERVED
-CVE-2022-39141
- RESERVED
-CVE-2022-39140
- RESERVED
-CVE-2022-39139
- RESERVED
-CVE-2022-39138
- RESERVED
-CVE-2022-39137
- RESERVED
+CVE-2022-39156 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39155 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39154 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39153 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39152 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39151 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39150 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39149 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39148 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39147 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39146 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39145 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39144 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39143 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39142 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39141 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39140 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39139 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39138 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
+CVE-2022-39137 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
+ TODO: check
CVE-2022-39136
RESERVED
CVE-2022-39135 (In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NOD ...)
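Review bot: twenty of the twenty-one new entries in this hunk (CVE-2022-39137 to CVE-2022-39156) carry the identical truncated description "A vulnerability has been identified in Parasolid V33.1 (All versions & ...", and CVE-2022-39158 is a RUGGEDCOM ROS advisory in the same phrasing; Parasolid and RUGGEDCOM are both Siemens product lines, and this file already closes Siemens advisories as NOT-FOR-US: Siemens (the SCALANCE entries CVE-2022-36323 to CVE-2022-36325 further down), so the whole block can be closed that way in one pass rather than left as twenty-one separate TODO: check items.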
@@ -3705,8 +3750,8 @@ CVE-2022-3034
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3034
CVE-2022-39015
RESERVED
-CVE-2022-39014
- RESERVED
+CVE-2022-39014 (Under certain conditions SAP BusinessObjects Business Intelligence Pla ...)
+ TODO: check
CVE-2022-39013
RESERVED
CVE-2022-39012
@@ -4131,18 +4176,18 @@ CVE-2022-38797
RESERVED
CVE-2022-38796
RESERVED
-CVE-2022-38453
- RESERVED
+CVE-2022-38453 (Multiple binary application files on the CMS8000 device are compiled w ...)
+ TODO: check
CVE-2022-38399 (Missing protection mechanism for alternate hardware interface in SmaCa ...)
NOT-FOR-US: SmaCam
CVE-2022-38138
RESERVED
-CVE-2022-38100
- RESERVED
-CVE-2022-38069
- RESERVED
-CVE-2022-36385
- RESERVED
+CVE-2022-38100 (The CMS800 device fails while attempting to parse malformed network da ...)
+ TODO: check
+CVE-2022-38069 (Multiple globally default credentials exist across all CMS8000 devices ...)
+ TODO: check
+CVE-2022-36385 (A threat actor with momentary access to the device can plug in a USB d ...)
+ TODO: check
CVE-2022-3033
RESERVED
- thunderbird 1:102.2.1-1
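Review bot: CVE-2022-38100's description reads "The CMS800 device ..." while CVE-2022-38453, CVE-2022-38069 and CVE-2022-36385 in the same hunk all say CMS8000; the four plainly come from one advisory batch (compiled binaries, default credentials, USB access, malformed network data on the same device), so confirm that CMS800 is only a typo in the upstream text and not a separate product, then assess all four together along with CVE-2022-3027 in the next hunk, which also names the CMS8000; as device-firmware issues with no Debian package behind them, NOT-FOR-US is the expected outcome.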
@@ -4162,15 +4207,15 @@ CVE-2022-3031
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-3030
RESERVED
-CVE-2022-3029
- RESERVED
+CVE-2022-3029 (In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mi ...)
+ TODO: check
CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework for tran ...)
- linux 5.19.6-1
[bullseye] - linux 5.10.140-1
NOTE: https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/
NOTE: https://git.kernel.org/linus/ba953a9d89a00c078b85f4b190bc1dde66fe16b5 (6.0-rc3)
-CVE-2022-3027
- RESERVED
+CVE-2022-3027 (The CMS8000 device does not properly control or sanitize the SSID name ...)
+ TODO: check
CVE-2022-3026 (The WP Users Exporter plugin for WordPress is vulnerable to CSV Inject ...)
NOT-FOR-US: WP Users Exporter plugin for WordPress
CVE-2022-3025
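Review bot: CVE-2022-3029 (NLnet Labs Routinator 0.9.0 up to and including 0.11.2) is the one entry in this hunk that needs an archive check rather than a vendor close-out: the description gives exact affected versions, so the TODO: check should resolve to either a routinator source line with the fixed version or an explicit note that it is not packaged. CVE-2022-3027 belongs to the CMS8000 batch from the previous hunk and should receive the same assessment as those entries.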
@@ -4387,15 +4432,13 @@ CVE-2022-2991 (A heap-based buffer overflow was found in the Linux kernel's Ligh
[buster] - linux 4.19.249-1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-960/
NOTE: CONFIG_NVM not enabled in Debian
-CVE-2022-2990
- RESERVED
+CVE-2022-2990 (An incorrect handling of the supplementary groups in the Buildah conta ...)
- golang-github-containers-buildah <unfixed>
NOTE: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
NOTE: https://github.com/containers/buildah/pull/4200
NOTE: https://github.com/containers/buildah/commit/9934b17365083ce966b44c5ce3c7e052f516e255
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121453
-CVE-2022-2989
- RESERVED
+CVE-2022-2989 (An incorrect handling of the supplementary groups in the Podman contai ...)
- libpod <unfixed> (bug #1019591)
NOTE: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121445
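Review bot: the two container entries now have descriptions but uneven reference sets: golang-github-containers-buildah <unfixed> carries the upstream PR and fix commit (buildah#4200, 9934b173) but no Debian bug number, while libpod <unfixed> carries bug #1019591 and the Red Hat bugzilla but no upstream fix commit; since both stem from the same supplementary-groups handling problem described in the benthamsgaze.org write-up, file the missing buildah bug and add the podman fix reference so each entry can be tracked to closure on its own.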
@@ -4823,8 +4866,8 @@ CVE-2022-38618
RESERVED
CVE-2022-38617
RESERVED
-CVE-2022-38616
- RESERVED
+CVE-2022-38616 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
+ TODO: check
CVE-2022-38615 (SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL inject ...)
NOT-FOR-US: SmartVista
CVE-2022-38614 (An issue in the IGB Files and OutfileService features of SmartVista Ca ...)
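Review bot: CVE-2022-38616 (SQL injection in SmartVista SVFE2 v2.2.22) is left at TODO: check while the adjacent CVE-2022-38615, same product and same version, is already NOT-FOR-US: SmartVista; close this one the same way.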
@@ -4971,18 +5014,18 @@ CVE-2022-38544
RESERVED
CVE-2022-38543
RESERVED
-CVE-2022-38542
- RESERVED
-CVE-2022-38541
- RESERVED
-CVE-2022-38540
- RESERVED
-CVE-2022-38539
- RESERVED
-CVE-2022-38538
- RESERVED
-CVE-2022-38537
- RESERVED
+CVE-2022-38542 (Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vul ...)
+ TODO: check
+CVE-2022-38541 (Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL inject ...)
+ TODO: check
+CVE-2022-38540 (Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vul ...)
+ TODO: check
+CVE-2022-38539 (Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vul ...)
+ TODO: check
+CVE-2022-38538 (Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vul ...)
+ TODO: check
+CVE-2022-38537 (Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL inject ...)
+ TODO: check
CVE-2022-38536
RESERVED
CVE-2022-38535
@@ -5217,8 +5260,8 @@ CVE-2022-2910
RESERVED
CVE-2022-2909 (A vulnerability was found in SourceCodester Simple and Nice Shopping C ...)
NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
-CVE-2022-38466
- RESERVED
+CVE-2022-38466 (A vulnerability has been identified in CoreShield One-Way Gateway (OWG ...)
+ TODO: check
CVE-2022-38465
RESERVED
CVE-2022-38089 (Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/ ...)
@@ -6642,10 +6685,10 @@ CVE-2022-38022
RESERVED
CVE-2022-38021
RESERVED
-CVE-2022-38020
- RESERVED
-CVE-2022-38019
- RESERVED
+CVE-2022-38020 (Visual Studio Code Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-38019 (AV1 Video Extension Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-38018
RESERVED
CVE-2022-38017
@@ -6656,26 +6699,26 @@ CVE-2022-38015
RESERVED
CVE-2022-38014
RESERVED
-CVE-2022-38013
- RESERVED
-CVE-2022-38012
- RESERVED
-CVE-2022-38011
- RESERVED
-CVE-2022-38010
- RESERVED
-CVE-2022-38009
- RESERVED
-CVE-2022-38008
- RESERVED
-CVE-2022-38007
- RESERVED
-CVE-2022-38006
- RESERVED
-CVE-2022-38005
- RESERVED
-CVE-2022-38004
- RESERVED
+CVE-2022-38013 (.NET Core and Visual Studio Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-38012 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-38011 (Raw Image Extension Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-38010 (Microsoft Office Visio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-38009 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
+ TODO: check
+CVE-2022-38008 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
+ TODO: check
+CVE-2022-38007 (Azure Guest Configuration and Azure Arc-enabled servers Elevation of P ...)
+ TODO: check
+CVE-2022-38006 (Windows Graphics Component Information Disclosure Vulnerability. This ...)
+ TODO: check
+CVE-2022-38005 (Windows Print Spooler Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-38004 (Windows Fax Service Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-38003
RESERVED
CVE-2022-38002
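Review bot: all ten entries here are Microsoft Patch Tuesday descriptions, and this file closes those as NOT-FOR-US: Microsoft (CVE-2022-35827, CVE-2022-33680 and the rest of the 35xxx block below), so the TODO: check lines are placeholders for that same close-out; the one worth a second look first is CVE-2022-38012, Microsoft Edge (Chromium-based) Remote Code Execution, since Edge CVEs sometimes correspond to a Chromium upstream fix that does affect the chromium package, and the entry should state which case this is.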
@@ -6744,8 +6787,8 @@ CVE-2022-37971
RESERVED
CVE-2022-37970
RESERVED
-CVE-2022-37969
- RESERVED
+CVE-2022-37969 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
CVE-2022-37968
RESERVED
CVE-2022-37967
@@ -6754,28 +6797,28 @@ CVE-2022-37966
RESERVED
CVE-2022-37965
RESERVED
-CVE-2022-37964
- RESERVED
-CVE-2022-37963
- RESERVED
-CVE-2022-37962
- RESERVED
-CVE-2022-37961
- RESERVED
+CVE-2022-37964 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2022-37963 (Microsoft Office Visio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-37962 (Microsoft PowerPoint Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-37961 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
+ TODO: check
CVE-2022-37960
RESERVED
-CVE-2022-37959
- RESERVED
-CVE-2022-37958
- RESERVED
-CVE-2022-37957
- RESERVED
-CVE-2022-37956
- RESERVED
-CVE-2022-37955
- RESERVED
-CVE-2022-37954
- RESERVED
+CVE-2022-37959 (Network Device Enrollment Service (NDES) Security Feature Bypass Vulne ...)
+ TODO: check
+CVE-2022-37958 (SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Di ...)
+ TODO: check
+CVE-2022-37957 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2022-37956 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2022-37955 (Windows Group Policy Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-37954 (DirectX Graphics Kernel Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-37953 (An HTTP response splitting vulnerability exists in the AM Gateway Chal ...)
NOT-FOR-US: GE Gas Power
CVE-2022-37952 (A reflected cross-site scripting (XSS) vulnerability exists in the iHi ...)
@@ -8459,8 +8502,8 @@ CVE-2022-37304
RESERVED
CVE-2022-37303
RESERVED
-CVE-2022-37302
- RESERVED
+CVE-2022-37302 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
+ TODO: check
CVE-2022-37301
RESERVED
CVE-2022-37300 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...)
@@ -9209,8 +9252,8 @@ CVE-2022-37013
RESERVED
CVE-2022-37012
RESERVED
-CVE-2022-37011
- RESERVED
+CVE-2022-37011 (A vulnerability has been identified in Mendix SAML Module (Mendix 7 co ...)
+ TODO: check
CVE-2022-37010 (In JetBrains IntelliJ IDEA before 2022.2 email address validation in t ...)
- intellij-idea <itp> (bug #747616)
CVE-2022-37009 (In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Va ...)
@@ -9726,16 +9769,16 @@ CVE-2022-36784
RESERVED
CVE-2022-36783
RESERVED
-CVE-2022-36782
- RESERVED
+CVE-2022-36782 (Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerabi ...)
+ TODO: check
CVE-2022-36781
RESERVED
-CVE-2022-36780
- RESERVED
-CVE-2022-36779
- RESERVED
-CVE-2022-36778
- RESERVED
+CVE-2022-36780 (Avdor CIS - crystal quality Credentials Management Errors. The product ...)
+ TODO: check
+CVE-2022-36779 (PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (w ...)
+ TODO: check
+CVE-2022-36778 (insert HTML / js code inside input how to get to the vulnerable input ...)
+ TODO: check
CVE-2022-36777
RESERVED
CVE-2022-36776
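Review bot: CVE-2022-36778's description ("insert HTML / js code inside input how to get to the vulnerable input ...") is raw reporter text with no product name at all, unlike the three sibling entries, which at least name a vendor (Pal Electronics, Avdor CIS, PROSCEND); its TODO: check cannot be resolved from the CVE text, so the assessment will need the original advisory to identify the product before the entry can be closed, and the product name should then be recorded in a NOTE so the entry is readable on its own.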
@@ -10830,11 +10873,11 @@ CVE-2022-36327
RESERVED
CVE-2022-36326
RESERVED
-CVE-2022-36325 (A vulnerability has been identified in SCALANCE M-800 / S615 (All vers ...)
+CVE-2022-36325 (Affected devices do not properly sanitize data introduced by an user w ...)
NOT-FOR-US: Siemens
-CVE-2022-36324 (A vulnerability has been identified in SCALANCE M-800 / S615 (All vers ...)
+CVE-2022-36324 (Affected devices do not properly handle the renegotiation of SSL/TLS p ...)
NOT-FOR-US: Siemens
-CVE-2022-36323 (A vulnerability has been identified in SCALANCE M-800 / S615 (All vers ...)
+CVE-2022-36323 (Affected devices do not properly sanitize an input field. This could a ...)
NOT-FOR-US: Siemens
CVE-2022-36322 (In JetBrains TeamCity before 2022.04.2 build parameter injection was p ...)
NOT-FOR-US: JetBrains TeamCity
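Review bot: the rewritten descriptions for CVE-2022-36323 to CVE-2022-36325 drop the product identification the old text carried ("SCALANCE M-800 / S615 (All vers ...") and now begin with "Affected devices ...", so the entries themselves no longer say which device is affected; the kept NOT-FOR-US: Siemens line is now the only attribution, which is enough for tracking, but a NOTE with the Siemens advisory reference would keep the product recoverable from the file.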
@@ -11502,18 +11545,18 @@ CVE-2022-36109 (Moby is an open-source project created by Docker to enable softw
[bullseye] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
NOTE: https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32
-CVE-2022-36108
- RESERVED
-CVE-2022-36107
- RESERVED
-CVE-2022-36106
- RESERVED
-CVE-2022-36105
- RESERVED
-CVE-2022-36104
- RESERVED
-CVE-2022-36103
- RESERVED
+CVE-2022-36108 (TYPO3 is an open source PHP based web content management system releas ...)
+ TODO: check
+CVE-2022-36107 (TYPO3 is an open source PHP based web content management system releas ...)
+ TODO: check
+CVE-2022-36106 (TYPO3 is an open source PHP based web content management system releas ...)
+ TODO: check
+CVE-2022-36105 (TYPO3 is an open source PHP based web content management system releas ...)
+ TODO: check
+CVE-2022-36104 (TYPO3 is an open source PHP based web content management system releas ...)
+ TODO: check
+CVE-2022-36103 (Talos Linux is a Linux distribution built for Kubernetes deployments. ...)
+ TODO: check
CVE-2022-36102 (Shopware is an open source e-commerce software. In affected versions i ...)
NOT-FOR-US: Shopware
CVE-2022-36101 (Shopware is an open source e-commerce software. In affected versions t ...)
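Review bot: the five TYPO3 entries (CVE-2022-36104 to CVE-2022-36108) all truncate inside the same "TYPO3 is an open source PHP based web content management system releas ..." blurb, so the list does not record what any of them is; when resolving the TODO: check, note the specific issue from each advisory and state explicitly whether TYPO3 is packaged, since nothing in the visible context shows how TYPO3 entries are handled (the Shopware entries right below are NOT-FOR-US, but that is a different product). CVE-2022-36103 (Talos Linux) is an unrelated product in the same hunk and should not be lumped in with the TYPO3 batch.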
@@ -11702,8 +11745,8 @@ CVE-2022-36022
RESERVED
CVE-2022-36021
RESERVED
-CVE-2022-36020
- RESERVED
+CVE-2022-36020 (The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, ...)
+ TODO: check
CVE-2022-36019
RESERVED
CVE-2022-36018
@@ -12165,34 +12208,34 @@ CVE-2022-35843
RESERVED
CVE-2022-35842
RESERVED
-CVE-2022-35841
- RESERVED
-CVE-2022-35840
- RESERVED
+CVE-2022-35841 (Windows Enterprise App Management Service Remote Code Execution Vulner ...)
+ TODO: check
+CVE-2022-35840 (Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnera ...)
+ TODO: check
CVE-2022-35839
RESERVED
-CVE-2022-35838
- RESERVED
-CVE-2022-35837
- RESERVED
-CVE-2022-35836
- RESERVED
-CVE-2022-35835
- RESERVED
-CVE-2022-35834
- RESERVED
-CVE-2022-35833
- RESERVED
-CVE-2022-35832
- RESERVED
-CVE-2022-35831
- RESERVED
-CVE-2022-35830
- RESERVED
+CVE-2022-35838 (HTTP V3 Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-35837 (Windows Graphics Component Information Disclosure Vulnerability. This ...)
+ TODO: check
+CVE-2022-35836 (Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2022-35835 (Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2022-35834 (Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2022-35833 (Windows Secure Channel Denial of Service Vulnerability. This CVE ID is ...)
+ TODO: check
+CVE-2022-35832 (Windows Event Tracing Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-35831 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ TODO: check
+CVE-2022-35830 (Remote Procedure Call Runtime Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-35829
RESERVED
-CVE-2022-35828
- RESERVED
+CVE-2022-35828 (Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnera ...)
+ TODO: check
CVE-2022-35827 (Visual Studio Remote Code Execution Vulnerability. This CVE ID is uniq ...)
NOT-FOR-US: Microsoft
CVE-2022-35826 (Visual Studio Remote Code Execution Vulnerability. This CVE ID is uniq ...)
@@ -12201,8 +12244,8 @@ CVE-2022-35825 (Visual Studio Remote Code Execution Vulnerability. This CVE ID i
NOT-FOR-US: Microsoft
CVE-2022-35824 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
NOT-FOR-US: Microsoft
-CVE-2022-35823
- RESERVED
+CVE-2022-35823 (Microsoft SharePoint Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-35822 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...)
NOT-FOR-US: Microsoft
CVE-2022-35821 (Azure Sphere Information Disclosure Vulnerability. ...)
@@ -12237,12 +12280,12 @@ CVE-2022-35807 (Azure Site Recovery Elevation of Privilege Vulnerability. This C
NOT-FOR-US: Microsoft
CVE-2022-35806 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
NOT-FOR-US: Microsoft
-CVE-2022-35805
- RESERVED
+CVE-2022-35805 (Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerabili ...)
+ TODO: check
CVE-2022-35804 (SMB Client and Server Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-35803
- RESERVED
+CVE-2022-35803 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
CVE-2022-35802 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-35801 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
@@ -13545,20 +13588,20 @@ CVE-2022-2340 (The W-DALIL WordPress plugin through 2.0 does not sanitise and es
NOT-FOR-US: WordPress plugin
CVE-2022-35299
RESERVED
-CVE-2022-35298
- RESERVED
+CVE-2022-35298 (SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not suffici ...)
+ TODO: check
CVE-2022-35297
RESERVED
CVE-2022-35296
RESERVED
-CVE-2022-35295
- RESERVED
-CVE-2022-35294
- RESERVED
+CVE-2022-35295 (Under certain conditions, the application SAP BusinessObjects Business ...)
+ TODO: check
+CVE-2022-35294 (An attacker with basic business user privileges could craft and upload ...)
+ TODO: check
CVE-2022-35293 (Due to insecure session management, SAP Enable Now allows an unauthent ...)
NOT-FOR-US: SAP
-CVE-2022-35292
- RESERVED
+CVE-2022-35292 (In SAP Business One application when a service is created, the executa ...)
+ TODO: check
CVE-2022-35291 (Due to misconfigured application endpoints, SAP SuccessFactors attachm ...)
NOT-FOR-US: SAP
CVE-2022-35290 (Under certain conditions SAP Authenticator for Android allows an attac ...)
@@ -15105,40 +15148,40 @@ CVE-2017-20123 (A vulnerability was found in Viscosity 1.6.7. It has been classi
NOT-FOR-US: Viscosity on Windows and macOS
CVE-2017-20122 (A vulnerability classified as problematic was found in Bitrix Site Man ...)
NOT-FOR-US: Bitrix Site Manager
-CVE-2022-34734
- RESERVED
-CVE-2022-34733
- RESERVED
-CVE-2022-34732
- RESERVED
-CVE-2022-34731
- RESERVED
-CVE-2022-34730
- RESERVED
-CVE-2022-34729
- RESERVED
-CVE-2022-34728
- RESERVED
-CVE-2022-34727
- RESERVED
-CVE-2022-34726
- RESERVED
-CVE-2022-34725
- RESERVED
-CVE-2022-34724
- RESERVED
-CVE-2022-34723
- RESERVED
-CVE-2022-34722
- RESERVED
-CVE-2022-34721
- RESERVED
-CVE-2022-34720
- RESERVED
-CVE-2022-34719
- RESERVED
-CVE-2022-34718
- RESERVED
+CVE-2022-34734 (Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-34733 (Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2022-34732 (Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-34731 (Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2022-34730 (Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-34729 (Windows GDI Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-34728 (Windows Graphics Component Information Disclosure Vulnerability. This ...)
+ TODO: check
+CVE-2022-34727 (Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-34726 (Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-34725 (Windows ALPC Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-34724 (Windows DNS Server Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-34723 (Windows DPAPI (Data Protection Application Programming Interface) Info ...)
+ TODO: check
+CVE-2022-34722 (Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Ex ...)
+ TODO: check
+CVE-2022-34721 (Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Ex ...)
+ TODO: check
+CVE-2022-34720 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
+ TODO: check
+CVE-2022-34719 (Windows Distributed File System (DFS) Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2022-34718 (Windows TCP/IP Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-34717 (Microsoft Office Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-34716 (.NET Spoofing Vulnerability. ...)
@@ -15173,8 +15216,8 @@ CVE-2022-34702 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Exec
NOT-FOR-US: Microsoft
CVE-2022-34701 (Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vuln ...)
NOT-FOR-US: Microsoft
-CVE-2022-34700
- RESERVED
+CVE-2022-34700 (Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerabili ...)
+ TODO: check
CVE-2022-34699 (Windows Win32k Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-34698
@@ -16829,8 +16872,8 @@ CVE-2022-34102
RESERVED
CVE-2022-34101
RESERVED
-CVE-2022-34100
- RESERVED
+CVE-2022-34100 (A vulnerability was discovered in the Crestron AirMedia Windows Applic ...)
+ TODO: check
CVE-2022-34099
RESERVED
CVE-2022-34098
@@ -18025,8 +18068,8 @@ CVE-2022-33681
RESERVED
CVE-2022-33680 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-33679
- RESERVED
+CVE-2022-33679 (Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is ...)
+ TODO: check
CVE-2022-33678 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
NOT-FOR-US: Microsoft
CVE-2022-33677 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
@@ -18089,8 +18132,8 @@ CVE-2022-33649 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerab
NOT-FOR-US: Microsoft
CVE-2022-33648 (Microsoft Excel Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-33647
- RESERVED
+CVE-2022-33647 (Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is ...)
+ TODO: check
CVE-2022-33646 (Azure Batch Node Agent Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-33645
@@ -21223,6 +21266,7 @@ CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the Altra
CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-l ...)
NOT-FOR-US: Zimbra
CVE-2022-32293 (In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HT ...)
+ {DLA-3105-1}
- connman 1.41-2 (bug #1016976)
NOTE: https://lore.kernel.org/connman/20220801080043.4861-1-wagi@monom.org/
NOTE: https://lore.kernel.org/connman/20220801080043.4861-3-wagi@monom.org/
@@ -21230,6 +21274,7 @@ CVE-2022-32293 (In ConnMan through 1.41, a man-in-the-middle attack against a WI
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=416bfaff988882c553c672e5bfc2d4f648d29e8a
CVE-2022-32292 (In ConnMan through 1.41, remote attackers able to send HTTP requests t ...)
+ {DLA-3105-1}
- connman 1.41-2 (bug #1016976)
NOTE: https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org/
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200189
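Review bot: the {DLA-3105-1} reference is added to both ConnMan entries, CVE-2022-32293 in the previous hunk and CVE-2022-32292 here, on top of the existing connman 1.41-2 (bug #1016976) fix line; that is consistent, since both come from the same patch series (the wagi@monom.org posts of 2022-08-01), but check that the DLA-3105-1 entry in data/DLA/list names both CVE IDs so the two files stay in sync.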
@@ -21728,8 +21773,7 @@ CVE-2022-32192 (Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive
NOT-FOR-US: Couchbase Server
CVE-2022-32191
RESERVED
-CVE-2022-32190
- RESERVED
+CVE-2022-32190 (JoinPath and URL.JoinPath do not remove ../ path elements appended to ...)
- golang-1.19 1.19.1-1
- golang-1.18 <not-affected> (Vulnerable code introduced in 1.19)
- golang-1.17 <not-affected> (Vulnerable code introduced in 1.19)
@@ -27370,8 +27414,8 @@ CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-ba
- wpewebkit 2.36.1-1
CVE-2022-29894 (Strapi v3.x.x versions and earlier contain a stored cross-site scripti ...)
NOT-FOR-US: Strapi
-CVE-2022-1602
- RESERVED
+CVE-2022-1602 (A potential security vulnerability has been identified in HP ThinPro 7 ...)
+ TODO: check
CVE-2022-1601
RESERVED
CVE-2022-1600 (The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visit ...)
@@ -27684,16 +27728,16 @@ CVE-2022-30202 (Windows Advanced Local Procedure Call Elevation of Privilege Vul
NOT-FOR-US: Microsoft
CVE-2022-30201
RESERVED
-CVE-2022-30200
- RESERVED
+CVE-2022-30200 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
+ TODO: check
CVE-2022-30199
RESERVED
CVE-2022-30198
RESERVED
CVE-2022-30197 (Windows Kernel Information Disclosure Vulnerability. This CVE ID is un ...)
NOT-FOR-US: Microsoft
-CVE-2022-30196
- RESERVED
+CVE-2022-30196 (Windows Secure Channel Denial of Service Vulnerability. This CVE ID is ...)
+ TODO: check
CVE-2022-30195
RESERVED
CVE-2022-30194 (Windows WebBrowser Control Remote Code Execution Vulnerability. ...)
@@ -27744,8 +27788,8 @@ CVE-2022-30172 (Microsoft Office Information Disclosure Vulnerability. This CVE
NOT-FOR-US: Microsoft
CVE-2022-30171 (Microsoft Office Information Disclosure Vulnerability. This CVE ID is ...)
NOT-FOR-US: Microsoft
-CVE-2022-30170
- RESERVED
+CVE-2022-30170 (Windows Credential Roaming Service Elevation of Privilege Vulnerabilit ...)
+ TODO: check
CVE-2022-30169
RESERVED
CVE-2022-30168 (Microsoft Photos App Remote Code Execution Vulnerability. ...)
@@ -32068,8 +32112,8 @@ CVE-2022-1280 (A use-after-free vulnerability was found in drm_lease_held in dri
NOTE: https://www.openwall.com/lists/oss-security/2022/04/12/3
CVE-2022-1279 (A vulnerability in the encryption implementation of EBICS messages in ...)
NOT-FOR-US: ebics-java
-CVE-2022-1278
- RESERVED
+CVE-2022-1278 (A flaw was found in WildFly, where an attacker can see deployment name ...)
+ TODO: check
CVE-2022-1277 (Inavitas Solar Log product has an unauthenticated SQL Injection vulner ...)
NOT-FOR-US: Inavitas Solar Log
CVE-2022-1276 (Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby pr ...)
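Review bot: the CVE-2022-1278 description opens with "A flaw was found in WildFly", the Red Hat wording, so when the TODO: check is resolved the Red Hat bugzilla entry should be recorded as a NOTE: line, as this patch already does for CVE-2022-0718 and CVE-2022-0725; the adjacent Java entry CVE-2022-1279 is NOT-FOR-US: ebics-java, and the WildFly check needs to confirm whether any packaged component carries the affected code before the same form is used.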
@@ -37308,10 +37352,10 @@ CVE-2022-26931 (Windows Kerberos Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-26930 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
NOT-FOR-US: Microsoft
-CVE-2022-26929
- RESERVED
-CVE-2022-26928
- RESERVED
+CVE-2022-26929 (.NET Framework Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-26928 (Windows Photo Import API Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-26927 (Windows Graphics Component Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-26926 (Windows Address Book Remote Code Execution Vulnerability. ...)
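Review bot: CVE-2022-26929 (.NET Framework) and CVE-2022-26928 (Windows Photo Import API) replace RESERVED with TODO: check while the surrounding CVE-2022-26931, CVE-2022-26930, CVE-2022-26927 and CVE-2022-26926 are NOT-FOR-US: Microsoft; the Photo Import API entry is a plain Windows component, whereas the .NET Framework entry should be checked against any .NET runtime packaged in the archive before it is closed with the same NOT-FOR-US: Microsoft line.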
@@ -40822,7 +40866,7 @@ CVE-2022-0727 (Improper Access Control in GitHub repository chocobozzz/peertube
- peertube <itp> (bug #950821)
CVE-2022-0726 (Improper Authorization in GitHub repository chocobozzz/peertube prior ...)
- peertube <itp> (bug #950821)
-CVE-2022-0725 (A flaw was found in KeePass. The vulnerability occurs due to logging t ...)
+CVE-2022-0725 (A flaw was found in keepass. The vulnerability occurs due to logging t ...)
NOTE: Non-issue, broken report against keepass2, couldn't be reproduced with
NOTE: Debian, Fedora and by upstream, see bug #1008022
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2052696
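Review bot: only the capitalisation of the product name in the upstream description changes for CVE-2022-0725 (KeePass to keepass); the NOTE lines recording it as a non-issue against keepass2, with bug #1008022 and the Red Hat bugzilla reference, still apply, so no re-triage is needed.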
@@ -40841,6 +40885,7 @@ CVE-2022-0720 (The Amelia WordPress plugin before 1.0.47 does not have proper au
CVE-2022-0719 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
NOT-FOR-US: microweber
CVE-2022-0718 (A flaw was found in python-oslo-utils. Due to improper parsing, passwo ...)
+ {DLA-3106-1}
- python-oslo.utils 4.10.1-1
[bullseye] - python-oslo.utils <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056850
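Review bot: {DLA-3106-1} is added for CVE-2022-0718 while the bullseye line stays "<no-dsa> (Minor issue)"; since LTS has now shipped a fix via the DLA, the bullseye entry is a candidate for a point-release update rather than staying open indefinitely. The marker is in the expected position, directly under the CVE line and before the "- python-oslo.utils 4.10.1-1" fixed-version line.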
@@ -41622,7 +41667,7 @@ CVE-2022-23182 (Improper access control in the Intel(R) Data Center Manager soft
NOT-FOR-US: Intel
CVE-2022-22139 (Uncontrolled search path in the Intel(R) XTU software before version 7 ...)
NOT-FOR-US: Intel
-CVE-2022-21225 (Improper access control in the Intel(R) Data Center Manager software b ...)
+CVE-2022-21225 (Improper neutralization in the Intel(R) Data Center Manager software b ...)
NOT-FOR-US: Intel
CVE-2022-21198
RESERVED
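Review bot: the CVE-2022-21225 description changes from "Improper access control" to "Improper neutralization", which now distinguishes it from CVE-2022-23182 in the hunk header, whose description keeps the "Improper access control in the Intel(R) Data Center Manager" wording the old line had; the NOT-FOR-US: Intel state does not depend on the weakness class and stays correct.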
@@ -125102,6 +125147,7 @@ CVE-2021-20224 (An integer overflow issue was discovered in ImageMagick's Export
NOTE: https://github.com/ImageMagick/ImageMagick/commit/5af1dffa4b6ab984b5f13d1e91c95760d75f12a6
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/553054c1cb1e4e05ec86237afef76a32cd7c464d
CVE-2021-20223 (An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize. ...)
+ {DLA-3107-1}
- sqlite3 3.34.0-1
NOTE: https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b (version-3.34.0)
NOTE: https://sqlite.org/src/info/b7b7bde9b7a03665
@@ -125627,12 +125673,14 @@ CVE-2020-35529
CVE-2020-35528
REJECTED
CVE-2020-35527 (In SQLite 3.31.1, there is an out of bounds access problem through ALT ...)
+ {DLA-3107-1}
- sqlite3 3.32.0-1
NOTE: https://www.sqlite.org/src/info/c431b3fd8fd0f6a6
NOTE: https://github.com/sqlite/sqlite/commit/0990c415f65d2556a5e4122cbe5727d500411aeb (version-3.32.0)
CVE-2020-35526
REJECTED
CVE-2020-35525 (In SQlite 3.31.1, a potential null pointer derreference was found in t ...)
+ {DLA-3107-1}
- sqlite3 3.32.0-1
NOTE: https://www.sqlite.org/src/info/a67cf5b7d37d5b14
NOTE: https://github.com/sqlite/sqlite/commit/5f69512404cd2e5153ddf90ea277fbba6dd58ab7 (version-3.32.0)
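Review bot: {DLA-3107-1} is attached here to CVE-2020-35527 and CVE-2020-35525, and earlier in this patch to CVE-2021-20223; all three are sqlite3 entries fixed by the same DLA, so the set should be cross-checked against the CVE list in the DLA-3107-1 announcement so that no CVE the DLA fixes is missing the marker and none carries it that the DLA did not name. The "SQlite" spelling in the CVE-2020-35525 description is the upstream text the tracker mirrors and is not something to correct in this file.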
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/019fee8773ce5d94e3c4b3168b2cc7cb91b20671