[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 14 09:10:28 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
78a370a2 by security tracker role at 2022-09-14T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent function i ...)
+ TODO: check
+CVE-2022-40673 (KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods ...)
+ TODO: check
+CVE-2022-40670
+ RESERVED
+CVE-2022-40669
+ RESERVED
+CVE-2022-40668
+ RESERVED
+CVE-2022-40667
+ RESERVED
+CVE-2022-40666
+ RESERVED
+CVE-2022-40665
+ RESERVED
+CVE-2022-40664
+ RESERVED
+CVE-2022-40663
+ RESERVED
+CVE-2022-40662
+ RESERVED
+CVE-2022-40661
+ RESERVED
+CVE-2022-40660
+ RESERVED
+CVE-2022-40659
+ RESERVED
+CVE-2022-40658
+ RESERVED
+CVE-2022-40657
+ RESERVED
+CVE-2022-40656
+ RESERVED
+CVE-2022-40655
+ RESERVED
+CVE-2022-40654
+ RESERVED
+CVE-2022-40653
+ RESERVED
+CVE-2022-40652
+ RESERVED
+CVE-2022-40651
+ RESERVED
+CVE-2022-40650
+ RESERVED
+CVE-2022-40649
+ RESERVED
+CVE-2022-40648
+ RESERVED
+CVE-2022-40647
+ RESERVED
+CVE-2022-40646
+ RESERVED
+CVE-2022-40645
+ RESERVED
+CVE-2022-40644
+ RESERVED
+CVE-2022-40643
+ RESERVED
+CVE-2022-40642
+ RESERVED
+CVE-2022-40641
+ RESERVED
+CVE-2022-40640
+ RESERVED
+CVE-2022-40639
+ RESERVED
+CVE-2022-40638
+ RESERVED
+CVE-2022-40637
+ RESERVED
+CVE-2022-40636
+ RESERVED
+CVE-2022-3210
+ RESERVED
+CVE-2022-31735
+ RESERVED
+CVE-2021-46838
+ RESERVED
CVE-2022-40635 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
NOT-FOR-US: Crafter Studio of Crafter CMS
CVE-2022-40634 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
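Review bot: the TODO on CVE-2022-40674 at the top of this hunk should not wait for the next batch triage, because libexpat is shipped in Debian as src:expat and a use-after-free in doContent affects everything linked against it; the placeholder needs replacing with the usual package line (fixed version, bug number) and a DSA or no-dsa decision for the stable releases. CVE-2022-40673 directly below it concerns missing authorization checks on D-Bus methods in KDiskMark before 3.1.0, so its TODO resolves to either a package line or NOT-FOR-US depending on whether kdiskmark is in the archive. The run of RESERVED ids under them (CVE-2022-40636 through -40670, plus the out-of-sequence CVE-2022-3210, CVE-2022-31735 and CVE-2021-46838) is the normal placeholder pattern and needs no action.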
@@ -18,8 +98,8 @@ CVE-2022-3207
RESERVED
CVE-2022-3206
RESERVED
-CVE-2022-3205
- RESERVED
+CVE-2022-3205 (An XSS exists in automation controller UI where the project name is su ...)
+ TODO: check
CVE-2022-3204
RESERVED
CVE-2022-3203
@@ -57,18 +137,18 @@ CVE-2022-40628
RESERVED
CVE-2022-40627
RESERVED
-CVE-2022-40626
- RESERVED
+CVE-2022-40626 (An unauthenticated user can create a link with reflected Javascript co ...)
+ TODO: check
CVE-2022-40625
RESERVED
CVE-2022-40624
RESERVED
-CVE-2022-40623
- RESERVED
-CVE-2022-40622
- RESERVED
-CVE-2022-40621
- RESERVED
+CVE-2022-40623 (The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030 ...)
+ TODO: check
+CVE-2022-40622 (The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030 ...)
+ TODO: check
+CVE-2022-40621 (Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31 ...)
+ TODO: check
CVE-2022-40620
RESERVED
CVE-2022-40619
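Review bot: the three WAVLINK Quantum D4G entries (CVE-2022-40621 to -40623) describe vendor firmware for a consumer router, so their TODO: check lines can be closed as NOT-FOR-US: WAVLINK, matching how this same update keeps CVE-2022-38309 for Tenda hardware as NOT-FOR-US: Tenda. CVE-2022-40626 just above them, a reflected JavaScript issue reachable by an unauthenticated user, is different: the truncated description never names the product, so that one needs the full advisory text before it can be dispositioned.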
@@ -119,8 +199,8 @@ CVE-2022-3184
RESERVED
CVE-2022-3183
RESERVED
-CVE-2022-3182
- RESERVED
+CVE-2022-3182 (Improper Access Control vulnerability in the Duo SMS two-factor of Dev ...)
+ TODO: check
CVE-2022-40606
RESERVED
CVE-2022-40605
@@ -1844,22 +1924,22 @@ CVE-2022-39823
RESERVED
CVE-2022-39822
RESERVED
-CVE-2022-39821
- RESERVED
+CVE-2022-39821 (In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an ...)
+ TODO: check
CVE-2022-39820
RESERVED
-CVE-2022-39819
- RESERVED
+CVE-2022-39819 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities ...)
+ TODO: check
CVE-2022-39818
RESERVED
-CVE-2022-39817
- RESERVED
-CVE-2022-39816
- RESERVED
-CVE-2022-39815
- RESERVED
-CVE-2022-39814
- RESERVED
+CVE-2022-39817 (In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur ...)
+ TODO: check
+CVE-2022-39816 (In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (clearte ...)
+ TODO: check
+CVE-2022-39815 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities ...)
+ TODO: check
+CVE-2022-39814 (In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the ...)
+ TODO: check
CVE-2022-39813
RESERVED
CVE-2022-39812
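Review bot: all six new descriptions in this hunk (CVE-2022-39814 to -39817, -39819 and -39821) belong to a single product, NOKIA 1350 OMS R14.2, so they should be triaged as one batch rather than entry by entry; a network-management product from a hardware vendor is not shipped in Debian, which makes NOT-FOR-US: Nokia the expected resolution. CVE-2022-39818 and CVE-2022-39820 in the same range are still RESERVED in the context lines and will most likely arrive in a later automatic update with the same disposition.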
@@ -4349,14 +4429,14 @@ CVE-2022-3000
RESERVED
CVE-2022-38772 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2022-38771
- RESERVED
-CVE-2022-38770
- RESERVED
-CVE-2022-38769
- RESERVED
-CVE-2022-38768
- RESERVED
+CVE-2022-38771 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
+ TODO: check
+CVE-2022-38770 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
+ TODO: check
+CVE-2022-38769 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
+ TODO: check
+CVE-2022-38768 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
+ TODO: check
CVE-2022-38767
RESERVED
CVE-2022-38766
@@ -4609,8 +4689,7 @@ CVE-2022-2964 (A flaw was found in the Linux kernel’s driver for the ASIX
NOTE: https://git.kernel.org/linus/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581 (5.17-rc4)
CVE-2022-2963
RESERVED
-CVE-2022-2962
- RESERVED
+CVE-2022-2962 (A DMA reentrancy issue was found in the Tulip device emulation in QEMU ...)
- qemu 1:7.1+dfsg-2 (bug #1018055)
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
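Review bot: CVE-2022-2962 is the one place in this update where a RESERVED entry receives its description without gaining a TODO: check line, and that is correct: the context lines show the entry was already triaged against qemu 1:7.1+dfsg-2 (bug #1018055) with <no-dsa> (Minor issue) for bullseye and buster, so the automatic update only had to fill in the text. Nothing to change in the hunk; with the DMA reentrancy description now public, the existing minor-issue rationale can simply be re-read against it.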
@@ -4831,16 +4910,16 @@ CVE-2022-38639 (A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8
NOT-FOR-US: Markdown-Nice
CVE-2022-38638 (Casdoor v1.97.3 was discovered to contain an arbitrary file write vuln ...)
NOT-FOR-US: Casdoor
-CVE-2022-38637
- RESERVED
+CVE-2022-38637 (Hospital Management System v1.0 was discovered to contain multiple SQL ...)
+ TODO: check
CVE-2022-38636
RESERVED
CVE-2022-38635
RESERVED
CVE-2022-38634
RESERVED
-CVE-2022-38633
- RESERVED
+CVE-2022-38633 (Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vu ...)
+ TODO: check
CVE-2022-38632
RESERVED
CVE-2022-38631
@@ -5121,12 +5200,12 @@ CVE-2022-38499
RESERVED
CVE-2022-38498
RESERVED
-CVE-2022-38497
- RESERVED
-CVE-2022-38496
- RESERVED
-CVE-2022-38495
- RESERVED
+CVE-2022-38497 (LIEF commit 365a16a was discovered to contain a segmentation violation ...)
+ TODO: check
+CVE-2022-38496 (LIEF commit 365a16a was discovered to contain a reachable assertion ab ...)
+ TODO: check
+CVE-2022-38495 (LIEF commit 365a16a was discovered to contain a heap-buffer overflow v ...)
+ TODO: check
CVE-2022-38078 (Movable Type XMLRPC API provided by Six Apart Ltd. contains a command ...)
- movabletype-opensource <removed>
CVE-2022-2925 (Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appw ...)
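Review bot: the three LIEF entries here (CVE-2022-38495 to -38497) pin the affected code to an upstream git commit, 365a16a, rather than to a release, and the same applies to CVE-2022-38306 and -38307 later in this update (commit 5d1d643); resolving these TODOs therefore means checking whether the crashing code is present in the LIEF version actually packaged, not merely whether that commit is an ancestor of it. Of the five, the two heap-buffer overflows (CVE-2022-38495 and -38306) deserve the most careful reading, since a memory-safety bug in a binary parser weighs differently from the segmentation violation and reachable assertion reported alongside them.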
@@ -5805,8 +5884,8 @@ CVE-2022-38344
RESERVED
CVE-2022-38343
RESERVED
-CVE-2022-38342
- RESERVED
+CVE-2022-38342 (Safe Software FME Server v2022.0.1.1 and below was discovered to conta ...)
+ TODO: check
CVE-2022-38341
RESERVED
CVE-2022-38340
@@ -5831,8 +5910,8 @@ CVE-2022-38331
RESERVED
CVE-2022-38330
RESERVED
-CVE-2022-38329
- RESERVED
+CVE-2022-38329 (An issue was discovered in Shopxian CMS 3.0.0. There is a CSRF vulnera ...)
+ TODO: check
CVE-2022-38328
RESERVED
CVE-2022-38327
@@ -5875,10 +5954,10 @@ CVE-2022-38309 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered t
NOT-FOR-US: Tenda
CVE-2022-38308
RESERVED
-CVE-2022-38307
- RESERVED
-CVE-2022-38306
- RESERVED
+CVE-2022-38307 (LIEF commit 5d1d643 was discovered to contain a segmentation violation ...)
+ TODO: check
+CVE-2022-38306 (LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow i ...)
+ TODO: check
CVE-2022-36403 (Untrusted search path vulnerability in the installer of Device Softwar ...)
NOT-FOR-US: Ricoh
CVE-2022-2825
@@ -5899,8 +5978,8 @@ CVE-2022-2819 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889 (v9.0.0211)
CVE-2022-2818 (Authentication Bypass by Primary Weakness in GitHub repository cockpit ...)
NOT-FOR-US: Cockpit-HQ/Cockpit
-CVE-2022-38305
- RESERVED
+CVE-2022-38305 (AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vuln ...)
+ TODO: check
CVE-2022-38304 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
NOT-FOR-US: Online Leave Management System
CVE-2022-38303 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
@@ -7382,8 +7461,8 @@ CVE-2022-37705
RESERVED
CVE-2022-37704
RESERVED
-CVE-2022-37703
- RESERVED
+CVE-2022-37703 (In Amanda 3.5.1, an information leak vulnerability was found in the ca ...)
+ TODO: check
CVE-2022-37702
RESERVED
CVE-2022-37701
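Review bot: the TODO on CVE-2022-37703 should become a real package entry rather than a NOT-FOR-US, because Amanda is packaged in Debian as src:amanda and the description names the 3.5.1 release line, so the packaged version is likely affected. The affected component is cut off in the hunk ("in the ca ..."), so the full advisory text is needed to identify the upstream fix and to decide whether the information leak warrants a DSA or a no-dsa for the stable releases.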
@@ -8754,10 +8833,10 @@ CVE-2022-37193
RESERVED
CVE-2022-37192
RESERVED
-CVE-2022-37191
- RESERVED
-CVE-2022-37190
- RESERVED
+CVE-2022-37191 (The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to ...)
+ TODO: check
+CVE-2022-37190 (CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenti ...)
+ TODO: check
CVE-2022-37189 (DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), l ...)
NOT-FOR-US: DDMAL MEI2Volpiano
CVE-2022-37188
@@ -8860,14 +8939,14 @@ CVE-2022-37142
RESERVED
CVE-2022-37141
RESERVED
-CVE-2022-37140
- RESERVED
-CVE-2022-37139
- RESERVED
-CVE-2022-37138
- RESERVED
-CVE-2022-37137
- RESERVED
+CVE-2022-37140 (PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). ...)
+ TODO: check
+CVE-2022-37139 (Loan Management System version 1.0 suffers from a persistent cross sit ...)
+ TODO: check
+CVE-2022-37138 (Loan Management System 1.0 is vulnerable to SQL Injection at the login ...)
+ TODO: check
+CVE-2022-37137 (PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during ...)
+ TODO: check
CVE-2022-37136
RESERVED
CVE-2022-37135
@@ -9804,8 +9883,8 @@ CVE-2022-36770
RESERVED
CVE-2022-36769
RESERVED
-CVE-2022-36768
- RESERVED
+CVE-2022-36768 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
+ TODO: check
CVE-2022-2546
RESERVED
CVE-2022-2545
@@ -10025,12 +10104,12 @@ CVE-2022-36671 (Novel-Plus v3.6.2 was discovered to contain an arbitrary file do
NOT-FOR-US: Novel-Plus
CVE-2022-36670 (PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamp ...)
NOT-FOR-US: PCProtect Endpoint
-CVE-2022-36669
- RESERVED
-CVE-2022-36668
- RESERVED
-CVE-2022-36667
- RESERVED
+CVE-2022-36669 (Hospital Information System version 1.0 suffers from a remote SQL inje ...)
+ TODO: check
+CVE-2022-36668 (Garage Management System 1.0 is vulnerable to Stored Cross Site Script ...)
+ TODO: check
+CVE-2022-36667 (Garage Management System 1.0 is vulnerable to the Remote Code Executio ...)
+ TODO: check
CVE-2022-36666
RESERVED
CVE-2022-36665
@@ -10518,8 +10597,8 @@ CVE-2022-36438
RESERVED
CVE-2022-36437
RESERVED
-CVE-2022-36436
- RESERVED
+CVE-2022-36436 (OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap ...)
+ TODO: check
CVE-2022-36435
RESERVED
CVE-2022-36434
@@ -12670,8 +12749,8 @@ CVE-2022-35639 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2
NOT-FOR-US: IBM
CVE-2022-35638
RESERVED
-CVE-2022-35637
- RESERVED
+CVE-2022-35637 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is ...)
+ TODO: check
CVE-2022-35636
RESERVED
CVE-2022-35635
@@ -12826,8 +12905,8 @@ CVE-2022-35583 (wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacke
NOTE: By design, wkhtmltopdf retrieves external resources. If it is employed inside
NOTE: a protected network in an automated way, a malicious actor may access internal
NOTE: resources. A user of wkhtmltopdf should restrict such access.
-CVE-2022-35582
- RESERVED
+CVE-2022-35582 (Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulner ...)
+ TODO: check
CVE-2022-35581
RESERVED
CVE-2022-35580
@@ -13292,8 +13371,8 @@ CVE-2022-2362 (The Download Manager WordPress plugin before 3.2.50 prioritizes g
NOT-FOR-US: WordPress plugin
CVE-2022-2361 (The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-35413
- RESERVED
+CVE-2022-35413 (WAPPLES through 6.0 has a hardcoded systemi account accessible via db/ ...)
+ TODO: check
CVE-2022-35412 (Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinar ...)
NOT-FOR-US: Digital Guardian Agent
CVE-2022-2360
@@ -14834,8 +14913,8 @@ CVE-2022-34833
RESERVED
CVE-2022-34832
RESERVED
-CVE-2022-34831
- RESERVED
+CVE-2022-34831 (An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, rela ...)
+ TODO: check
CVE-2022-34830
RESERVED
CVE-2022-34829 (Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of se ...)
@@ -16163,8 +16242,8 @@ CVE-2022-34358 (IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripti
NOT-FOR-US: IBM
CVE-2022-34357
RESERVED
-CVE-2022-34356
- RESERVED
+CVE-2022-34356 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
+ TODO: check
CVE-2022-34355
RESERVED
CVE-2022-34354
@@ -16217,8 +16296,8 @@ CVE-2022-34338 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could
NOT-FOR-US: IBM
CVE-2022-34337
RESERVED
-CVE-2022-34336
- RESERVED
+CVE-2022-34336 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ TODO: check
CVE-2022-34335
RESERVED
CVE-2022-34334
@@ -16875,10 +16954,10 @@ CVE-2022-34104
RESERVED
CVE-2022-34103
RESERVED
-CVE-2022-34102
- RESERVED
-CVE-2022-34101
- RESERVED
+CVE-2022-34102 (Insufficient access control vulnerability was discovered in the Crestr ...)
+ TODO: check
+CVE-2022-34101 (A vulnerability was discovered in the Crestron AirMedia Windows Applic ...)
+ TODO: check
CVE-2022-34100 (A vulnerability was discovered in the Crestron AirMedia Windows Applic ...)
TODO: check
CVE-2022-34099
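Review bot: the two new Crestron AirMedia entries (CVE-2022-34101 and -34102) join CVE-2022-34100, whose TODO: check from an earlier update is still open in the context lines, so all three should be resolved in one pass; the descriptions name the Crestron AirMedia Windows Application, which Debian does not ship, making NOT-FOR-US: Crestron the expected disposition for the set.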
@@ -20538,8 +20617,8 @@ CVE-2022-32557 (An issue was discovered in Couchbase Server before 7.0.4. The In
NOT-FOR-US: Couchbase Server
CVE-2022-32556 (An issue was discovered in Couchbase Server before 7.0.4. A private ke ...)
NOT-FOR-US: Couchbase Server
-CVE-2022-32555
- RESERVED
+CVE-2022-32555 (Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7 ...)
+ TODO: check
CVE-2022-32554 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...)
NOT-FOR-US: Pure Storage FlashArray
CVE-2022-32553 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...)
@@ -21528,8 +21607,8 @@ CVE-2022-32246 (SAP Busines Objects Business Intelligence Platform (Visual Diffe
NOT-FOR-US: SAP
CVE-2022-32245 (SAP BusinessObjects Business Intelligence Platform (Open Document) - v ...)
NOT-FOR-US: SAP
-CVE-2022-32244
- RESERVED
+CVE-2022-32244 (Under certain conditions an attacker authenticated as a CMS administra ...)
+ TODO: check
CVE-2022-32243 (When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) ...)
NOT-FOR-US: SAP
CVE-2022-32242 (When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files r ...)
@@ -22548,8 +22627,8 @@ CVE-2022-31863
RESERVED
CVE-2022-31862
RESERVED
-CVE-2022-31861
- RESERVED
+CVE-2022-31861 (Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 ...)
+ TODO: check
CVE-2022-31860 (An issue was discovered in OpenRemote through 1.0.4 allows attackers t ...)
NOT-FOR-US: OpenRemote
CVE-2022-31859
@@ -24274,12 +24353,12 @@ CVE-2022-31326
RESERVED
CVE-2022-31325 (There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'Per ...)
NOT-FOR-US: ChurchCRM
-CVE-2022-31324
- RESERVED
+CVE-2022-31324 (An arbitrary file download vulnerability in the downloadAction() funct ...)
+ TODO: check
CVE-2022-31323
RESERVED
-CVE-2022-31322
- RESERVED
+CVE-2022-31322 (Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attacke ...)
+ TODO: check
CVE-2022-31321 (The foldername parameter in Bolt 5.1.7 was discovered to have incorrec ...)
NOT-FOR-US: Bolt CMS
CVE-2022-31320
@@ -52096,8 +52175,8 @@ CVE-2022-22485 (In some cases, an unsuccessful attempt to log into IBM Spectrum
NOT-FOR-US: IBM
CVE-2022-22484 (IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a ...)
NOT-FOR-US: IBM
-CVE-2022-22483
- RESERVED
+CVE-2022-22483 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is ...)
+ TODO: check
CVE-2022-22482 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 a ...)
NOT-FOR-US: IBM
CVE-2022-22481 (IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a ...)
@@ -52402,10 +52481,10 @@ CVE-2022-22332 (IBM Sterling Partner Engagement Manager 6.2.0 could allow an att
NOT-FOR-US: IBM
CVE-2022-22331 (IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote auth ...)
NOT-FOR-US: IBM
-CVE-2022-22330
- RESERVED
-CVE-2022-22329
- RESERVED
+CVE-2022-22330 (IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensiti ...)
+ TODO: check
+CVE-2022-22329 (IBM Control Desk 7.6.1 does not set the secure attribute on authorizat ...)
+ TODO: check
CVE-2022-22328 (IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious u ...)
NOT-FOR-US: IBM
CVE-2022-22327 (IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker ...)
@@ -53610,6 +53689,7 @@ CVE-2021-45846 (A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an att
NOTE: https://github.com/slic3r/Slic3r/issues/5117
NOTE: Crash in GUI tool, no security impact
CVE-2021-45845 (The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS comma ...)
+ {DSA-5229-1}
- freecad 0.19.4+dfsg1-1
[buster] - freecad <not-affected> (Vulnerable code introduced in 0.19)
[stretch] - freecad <not-affected> (Vulnerable code introduced in 0.19)
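Review bot: adding {DSA-5229-1} to CVE-2021-45845 implies a bullseye fix, but the context lines of this hunk only show the unstable entry (freecad 0.19.4+dfsg1-1) and the buster/stretch not-affected markers; the [bullseye] line carrying the DSA's fixed version lies outside the hunk, so a reviewer should confirm it exists and that its version matches the advisory. The reference sits on its own line directly under the CVE header, which is the tracker's usual placement, so the format is fine.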
@@ -53619,7 +53699,7 @@ CVE-2021-45845 (The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS
NOTE: Fixed by: https://github.com/FreeCAD/FreeCAD/commit/a73f442f88725e08f36a3614e690bdef24c3dee3 (0.19.4)
NOTE: https://tracker.freecad.org/view.php?id=4810
CVE-2021-45844 (Improper sanitization in the invocation of ODA File Converter from Fre ...)
- {DLA-3076-1 DLA-2934-1}
+ {DSA-5229-1 DLA-3076-1 DLA-2934-1}
- freecad 0.19.4+dfsg1-1 (bug #1005747)
NOTE: Fixed by; https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6 (master)
NOTE: Fxied by: https://github.com/FreeCAD/FreeCAD/commit/ad6977f940d3e64d78a4367452d9a338ad43fa1c (0.19.4)
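Review bot: the change itself, prepending DSA-5229-1 to the existing {DLA-3076-1 DLA-2934-1} references, is consistent with the previous hunk, but the unchanged NOTE lines directly below it carry two typos worth a follow-up commit: "Fixed by;" uses a semicolon where a colon belongs, and "Fxied by:" is misspelled. Both notes point at FreeCAD commits (master and 0.19.4), so the content is right; only the spelling needs fixing.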
@@ -66684,37 +66764,36 @@ CVE-2022-20401 (In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is
NOT-FOR-US: Android
CVE-2022-20400 (In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write d ...)
NOT-FOR-US: Android
-CVE-2022-20399
- RESERVED
+CVE-2022-20399 (In the SEPolicy configuration of system apps, there is a possible acce ...)
NOT-FOR-US: Android
-CVE-2022-20398
- RESERVED
+CVE-2022-20398 (In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way ...)
+ TODO: check
CVE-2022-20397
RESERVED
-CVE-2022-20396
- RESERVED
-CVE-2022-20395
- RESERVED
+CVE-2022-20396 (In SettingsActivity.java, there is a possible way to make a device dis ...)
+ TODO: check
+CVE-2022-20395 (In checkAccess of MediaProvider.java, there is a possible file deletio ...)
+ TODO: check
CVE-2022-20394
RESERVED
-CVE-2022-20393
- RESERVED
-CVE-2022-20392
- RESERVED
-CVE-2022-20391
- RESERVED
-CVE-2022-20390
- RESERVED
-CVE-2022-20389
- RESERVED
-CVE-2022-20388
- RESERVED
-CVE-2022-20387
- RESERVED
-CVE-2022-20386
- RESERVED
-CVE-2022-20385
- RESERVED
+CVE-2022-20393 (In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a p ...)
+ TODO: check
+CVE-2022-20392 (In declareDuplicatePermission of ParsedPermissionUtils.java, there is ...)
+ TODO: check
+CVE-2022-20391 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257000 ...)
+ TODO: check
+CVE-2022-20390 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002 ...)
+ TODO: check
+CVE-2022-20389 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004 ...)
+ TODO: check
+CVE-2022-20388 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323 ...)
+ TODO: check
+CVE-2022-20387 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227324 ...)
+ TODO: check
+CVE-2022-20386 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227328 ...)
+ TODO: check
+CVE-2022-20385 (a function called 'nla_parse', do not check the len of para, it will c ...)
+ TODO: check
CVE-2022-20384 (Product: AndroidVersions: Android kernelAndroid ID: A-211727306Referen ...)
NOT-FOR-US: Android
CVE-2022-20383 (In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a pos ...)
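Review bot: every new description in this hunk comes from the Android security bulletin, and the context lines (CVE-2022-20400, -20399, -20384) show these are resolved as NOT-FOR-US: Android, so the new TODO: check lines can be closed the same way; the "Summary:Product: AndroidVersions: Android SoCAndroid ID: A-2382..." descriptions on CVE-2022-20386 to -20391 are the upstream text as published, not a tracker import error. The one entry that deserves a closer look is CVE-2022-20385: nla_parse is the netlink attribute parser from the mainline Linux kernel, so before marking it NOT-FOR-US check whether the missing length check lives in a vendor driver or in code that src:linux ships.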
@@ -82631,8 +82710,8 @@ CVE-2021-36570
RESERVED
CVE-2021-36569
RESERVED
-CVE-2021-36568
- RESERVED
+CVE-2021-36568 (In certain Moodle products after creating a course, it is possible to ...)
+ TODO: check
CVE-2021-36567 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...)
NOT-FOR-US: ThinkPHP
CVE-2021-36566
@@ -133455,10 +133534,10 @@ CVE-2021-0945
RESERVED
CVE-2021-0944
RESERVED
-CVE-2021-0943
- RESERVED
-CVE-2021-0942
- RESERVED
+CVE-2021-0943 (In MMU_MapPages of TBD, there is a possible out of bounds write due to ...)
+ TODO: check
+CVE-2021-0942 (The path in this case is a little bit convoluted. The end result is th ...)
+ TODO: check
CVE-2021-0941 (In bpf_skb_change_head of filter.c, there is a possible out of bounds ...)
- linux 5.10.28-1
[buster] - linux 4.19.194-1
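Review bot: the two descriptions filled in here are unusually thin, "In MMU_MapPages of TBD" for CVE-2021-0943 and "The path in this case is a little bit convoluted" for CVE-2021-0942, so the TODO: check cannot be resolved from this text alone and needs the Android bulletin entry each id belongs to. Do not assume NOT-FOR-US by default: the neighbouring CVE-2021-0941 (bpf_skb_change_head in filter.c) in the context lines is tracked against linux with fixed versions for unstable and buster, so an Android-bulletin id can still be a mainline kernel bug.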
@@ -133628,8 +133707,8 @@ CVE-2021-0873
RESERVED
CVE-2021-0872
RESERVED
-CVE-2021-0871
- RESERVED
+CVE-2021-0871 (In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a mi ...)
+ TODO: check
CVE-2021-0870 (In RW_SetActivatedTagType of rw_main.cc, there is possible memory corr ...)
NOT-FOR-US: Android
CVE-2021-0869 (In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out ...)
@@ -133979,8 +134058,8 @@ CVE-2021-0699
RESERVED
CVE-2021-0698 (In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel ...)
NOT-FOR-US: Android
-CVE-2021-0697
- RESERVED
+CVE-2021-0697 (In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible use ...)
+ TODO: check
CVE-2021-0696
RESERVED
CVE-2021-0695 (In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds re ...)
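Review bot: CVE-2021-0697 names PVRSRVRGXSubmitTransferKM in rgxtransfer.c, which is PowerVR GPU driver code, the same family as CVE-2021-0698 directly above it that the context lines already carry as NOT-FOR-US: Android; the TODO can be closed the same way, and the same reasoning applies to CVE-2021-0871 (PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver) in the preceding hunk. The context line for CVE-2021-0695 (get_sock_stat of xt_qtaguid.c) is the reminder that not every Android kernel id is vendor code, so the driver origin is what justifies the disposition here, not the bulletin source.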
@@ -155573,10 +155652,10 @@ CVE-2020-19589
RESERVED
CVE-2020-19588
RESERVED
-CVE-2020-19587
- RESERVED
-CVE-2020-19586
- RESERVED
+CVE-2020-19587 (Cross Site Scripting (XSS) vulnerability in configMap parameters in Ye ...)
+ TODO: check
+CVE-2020-19586 (Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 ...)
+ TODO: check
CVE-2020-19585
RESERVED
CVE-2020-19584
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78a370a2ccab5f4643748de6f865a831328a7947