[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 14 21:10:33 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a82a9178 by security tracker role at 2022-09-14T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2022-40706
+	RESERVED
+CVE-2022-40705
+	RESERVED
+CVE-2022-40696
+	RESERVED
+CVE-2022-40684
+	RESERVED
+CVE-2022-40683
+	RESERVED
+CVE-2022-40682
+	RESERVED
+CVE-2022-40681
+	RESERVED
+CVE-2022-40680
+	RESERVED
+CVE-2022-40679
+	RESERVED
+CVE-2022-40678
+	RESERVED
+CVE-2022-40677
+	RESERVED
+CVE-2022-40676
+	RESERVED
+CVE-2022-40675
+	RESERVED
+CVE-2022-40672
+	RESERVED
+CVE-2022-40671
+	RESERVED
+CVE-2022-40632
+	RESERVED
+CVE-2022-40312
+	RESERVED
+CVE-2022-40310
+	RESERVED
+CVE-2022-40223
+	RESERVED
+CVE-2022-40219
+	RESERVED
+CVE-2022-40217
+	RESERVED
+CVE-2022-40215
+	RESERVED
+CVE-2022-40213
+	RESERVED
+CVE-2022-40211
+	RESERVED
+CVE-2022-40206
+	RESERVED
+CVE-2022-40205
+	RESERVED
+CVE-2022-40193
+	RESERVED
+CVE-2022-40131
+	RESERVED
+CVE-2022-38974
+	RESERVED
+CVE-2022-38468
+	RESERVED
+CVE-2022-38461
+	RESERVED
+CVE-2022-38454
+	RESERVED
+CVE-2022-38104
+	RESERVED
+CVE-2022-38079
+	RESERVED
+CVE-2022-38074
+	RESERVED
+CVE-2022-38073
+	RESERVED
+CVE-2022-36424
+	RESERVED
+CVE-2022-36417
+	RESERVED
+CVE-2022-36404
+	RESERVED
+CVE-2022-35238
+	RESERVED
+CVE-2022-33978
+	RESERVED
+CVE-2022-3216
+	RESERVED
+CVE-2022-3215
+	RESERVED
+CVE-2022-3214
+	RESERVED
+CVE-2022-3213
+	RESERVED
+CVE-2022-3212 (<bytes::Bytes as axum_core::extract::FromRequest>::from_request  ...)
+	TODO: check
+CVE-2022-3211
+	RESERVED
+CVE-2022-30545
+	RESERVED
+CVE-2020-36603
+	RESERVED
 CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent function i ...)
 	- expat <unfixed> (bug #1019761)
 	NOTE: https://github.com/libexpat/libexpat/pull/629
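Review bot: CVE-2022-3212 is the only non-RESERVED addition in this hunk and is left at `TODO: check`; its description names `<bytes::Bytes as axum_core::extract::FromRequest>::from_request`, so triage should look for a packaged axum-core crate and either record a fixed version or a `NOT-FOR-US:` line the way the other entries in this file do. Note also that CVE-2020-36603, a 2020-numbered ID, lands at the very top of the file inside this 2022 batch, so anyone scanning by year will not find it near the other 2020 entries.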
@@ -107,8 +205,7 @@ CVE-2022-3204
 	RESERVED
 CVE-2022-3203
 	RESERVED
-CVE-2022-3202
-	RESERVED
+CVE-2022-3202 (A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journal ...)
 	- linux 5.17.3-1
 	[bullseye] - linux 5.10.113-1
 	[buster] - linux 4.19.249-1
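Review bot: the description for CVE-2022-3202 now identifies the defect (NULL pointer dereference in diFree in fs/jfs/inode.c) and the fixed versions linux 5.17.3-1, 5.10.113-1 and 4.19.249-1 were already recorded, but within the lines visible in this hunk there is no `NOTE:` pointing at the upstream fix commit, unlike CVE-2022-1973 later in this file which cites git.kernel.org; adding that reference would make the fixed-version claims verifiable.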
@@ -4283,8 +4380,8 @@ CVE-2022-38798
 	RESERVED
 CVE-2022-38797
 	RESERVED
-CVE-2022-38796
-	RESERVED
+CVE-2022-38796 (A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an  ...)
+	TODO: check
 CVE-2022-38453 (Multiple binary application files on the CMS8000 device are compiled w ...)
 	NOT-FOR-US: Contec Health
 CVE-2022-38399 (Missing protection mechanism for alternate hardware interface in SmaCa ...)
@@ -5409,8 +5506,8 @@ CVE-2022-2902
 	RESERVED
 CVE-2022-2901 (Improper Authorization in GitHub repository chatwoot/chatwoot prior to ...)
 	NOT-FOR-US: chatwoot
-CVE-2022-2900
-	RESERVED
+CVE-2022-2900 (Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/pa ...)
+	TODO: check
 CVE-2022-38464
 	RESERVED
 CVE-2022-38463 (ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS ...)
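Review bot: the description of CVE-2022-2900 is cut off at `ionicabizau/pa`, so the affected repository cannot be identified from this hunk; the `TODO: check` should be resolved against the full CVE text before a package or `NOT-FOR-US:` line is assigned (the neighbouring CVE-2022-2901, with the same GitHub-repository style of description, is recorded as `NOT-FOR-US: chatwoot`).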
@@ -7579,8 +7676,8 @@ CVE-2022-37663
 	RESERVED
 CVE-2022-37662
 	RESERVED
-CVE-2022-37661
-	RESERVED
+CVE-2022-37661 (SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remo ...)
+	TODO: check
 CVE-2022-37660
 	RESERVED
 CVE-2022-37659
@@ -11650,12 +11747,12 @@ CVE-2022-36116 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.0
 	NOT-FOR-US: Blue Prism Enterprise
 CVE-2022-36115 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In  ...)
 	NOT-FOR-US: Blue Prism Enterprise
-CVE-2022-36114
-	RESERVED
-CVE-2022-36113
-	RESERVED
-CVE-2022-36112
-	RESERVED
+CVE-2022-36114 (Cargo is a package manager for the rust programming language. It was d ...)
+	TODO: check
+CVE-2022-36113 (Cargo is a package manager for the rust programming language. After a  ...)
+	TODO: check
+CVE-2022-36112 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free  ...)
+	TODO: check
 CVE-2022-36111
 	RESERVED
 CVE-2022-36110 (Netmaker makes networks with WireGuard. Prior to version 0.15.1, Impro ...)
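Review bot: CVE-2022-36114 and CVE-2022-36113 both describe Cargo, the Rust package manager, and are left at `TODO: check`; they deserve priority over the GLPI entry in the same hunk, because a toolchain component is far more likely to map onto a Debian source package than the web applications recorded as `NOT-FOR-US` elsewhere in this file. Their descriptions are truncated at `It was d` and `After a`, so the actual defect has to be read from the full text before fixed versions are recorded.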
@@ -12018,12 +12115,12 @@ CVE-2022-35948 (undici is an HTTP/1.1 client, written from scratch for Node.js.`
 	- node-undici 5.8.2+dfsg1+~cs18.9.18.1-1
 	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-f772-66g8-q5h3
 	NOTE: https://github.com/nodejs/undici/commit/66165d604fd0aee70a93ed5c44ad4cc2df395f80 (v5.8.2)
-CVE-2022-35947
-	RESERVED
-CVE-2022-35946
-	RESERVED
-CVE-2022-35945
-	RESERVED
+CVE-2022-35947 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free  ...)
+	TODO: check
+CVE-2022-35946 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free  ...)
+	TODO: check
+CVE-2022-35945 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free  ...)
+	TODO: check
 CVE-2022-35944
 	RESERVED
 CVE-2022-35943 (Shield is an authentication and authorization framework for CodeIgnite ...)
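Review bot: CVE-2022-35947, CVE-2022-35946 and CVE-2022-35945 share an identical truncated description (`GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free ...`), as do CVE-2022-36112, CVE-2022-31187 and CVE-2022-31143 elsewhere in this update; nothing in the visible text distinguishes the six issues, so each `TODO: check` must be resolved from the full advisory, and whatever classification is chosen should be applied consistently to all six.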
@@ -14773,8 +14870,8 @@ CVE-2022-2279 (NULL Pointer Dereference in GitHub repository bfabiszewski/libmob
 	NOTE: https://github.com/bfabiszewski/libmobi/commit/c0699c8693c47f14a2e57dec7292e862ac7adf9c (v0.11)
 CVE-2022-2278 (The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-2277
-	RESERVED
+CVE-2022-2277 (Improper Input Validation vulnerability exists in the Hitachi Energy M ...)
+	TODO: check
 CVE-2021-4234 (OpenVPN Access Server 2.10 and prior versions are susceptible to resen ...)
 	NOT-FOR-US: OpenVPN Access Server
 CVE-2022-34893
@@ -21832,7 +21929,7 @@ CVE-2022-1973 (A use-after-free flaw was found in the Linux kernel in log_replay
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f26967b9f7a830e228bb13fb41bd516ddd9d789d (5.19-rc1)
 CVE-2022-1972
-	RESERVED
+	REJECTED
 	{DSA-5161-1}
 	- linux 5.18.2-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
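Review bot: CVE-2022-1972 flips from `RESERVED` to `REJECTED` but keeps the `{DSA-5161-1}` cross-reference, the `- linux 5.18.2-1` fix line and the buster not-affected line, whereas CVE-2022-1835 in this same change carries nothing beyond `REJECTED`. If the ID was rejected because the issue was re-assigned another CVE, a `NOTE:` naming the surviving ID would preserve the link to the DSA; otherwise the leftover package lines should be dropped so the entry reads like the other rejected IDs.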
@@ -24519,7 +24616,7 @@ CVE-2022-27184 (The affected product is vulnerable to an out-of-bounds write, wh
 CVE-2022-1836
 	REJECTED
 CVE-2022-1835
-	RESERVED
+	REJECTED
 CVE-2022-1834
 	RESERVED
 	{DSA-5158-1 DLA-3041-1}
@@ -24799,8 +24896,8 @@ CVE-2022-31189 (DSpace open source software is a repository application which pr
 	NOT-FOR-US: DSpace
 CVE-2022-31188 (CVAT is an opensource interactive video and image annotation tool for  ...)
 	NOT-FOR-US: cvat-ai/cvat
-CVE-2022-31187
-	RESERVED
+CVE-2022-31187 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free  ...)
+	TODO: check
 CVE-2022-31186 (NextAuth.js is a complete open source authentication solution for Next ...)
 	NOT-FOR-US: NextAuth.js
 CVE-2022-31185 (mprweb is a hosting platform for the makedeb Package Repository. Email ...)
@@ -24910,8 +25007,8 @@ CVE-2022-31144 (Redis is an in-memory database that persists on disk. A speciall
 	[buster] - redis <not-affected> (Only affects 7.x)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh
 	NOTE: https://github.com/redis/redis/commit/15ae4e29e537e7ec37f0df1825d9fb2beea67124
-CVE-2022-31143
-	RESERVED
+CVE-2022-31143 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free  ...)
+	TODO: check
 CVE-2022-31142 (@fastify/bearer-auth is a Fastify plugin to require bearer Authorizati ...)
 	NOT-FOR-US: @fastify/bearer-auth
 CVE-2022-31141
@@ -25394,8 +25491,8 @@ CVE-2022-1780 (The LaTeX for WordPress plugin through 3.4.10 does not have CSRF
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1779 (The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSR ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-1778
-	RESERVED
+CVE-2022-1778 (Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X ...)
+	TODO: check
 CVE-2022-1777 (The Filr WordPress plugin before 1.2.2.1 does not have authorisation c ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1776 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...)
@@ -28530,8 +28627,8 @@ CVE-2022-29928 (In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity
 	NOT-FOR-US: JetBrains TeamCity
 CVE-2022-29927 (In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain  ...)
 	NOT-FOR-US: JetBrains TeamCity
-CVE-2022-29922
-	RESERVED
+CVE-2022-29922 (Improper Input Validation vulnerability in the handling of a specially ...)
+	TODO: check
 CVE-2022-29918
 	RESERVED
 	- firefox 100.0-1
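Review bot: the description of CVE-2022-29922 is cut off before it names a product (`Improper Input Validation vulnerability in the handling of a specially ...`), and CVE-2022-29492 in the next hunk has the same shape (`... handling of a malformed ...`); neither can be classified from the visible text, so both `TODO: check` entries need the full description before a package or `NOT-FOR-US:` line is assigned.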
@@ -28603,8 +28700,8 @@ CVE-2022-29909
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29909
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29909
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29909
-CVE-2022-29492
-	RESERVED
+CVE-2022-29492 (Improper Input Validation vulnerability in the handling of a malformed ...)
+	TODO: check
 CVE-2022-29490 (Improper Authorization vulnerability exists in the Workplace X WebUI o ...)
 	NOT-FOR-US: Workplace X
 CVE-2022-1543 (Improper handling of Length parameter in GitHub repository erudika/sco ...)
@@ -28841,7 +28938,7 @@ CVE-2022-29852
 	RESERVED
 CVE-2022-29851
 	RESERVED
-CVE-2022-29850 (Various Lexmark products through 2022-04-27 allow External Control of  ...)
+CVE-2022-29850 (Various Lexmark products through 2022-04-27 allow an attacker who has  ...)
 	NOT-FOR-US: Lexmark
 CVE-2022-29849 (In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SU ...)
 	NOT-FOR-US: Progress OpenEdge
@@ -45140,7 +45237,8 @@ CVE-2022-24306 (Zoho ManageEngine SharePoint Manager Plus before 4329 allows acc
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-24305 (Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to ...)
 	NOT-FOR-US: Zoho ManageEngine
-CVE-2022-24304 (Schema in lib/schema.js in Mongoose before 6.4.6 is vulnerable to prot ...)
+CVE-2022-24304
+	REJECTED
 	NOT-FOR-US: Mongoose
 CVE-2022-24303 (Pillow before 9.0.1 allows attackers to delete files because spaces in ...)
 	- pillow 9.0.1-1
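Review bot: CVE-2022-24304 loses its Mongoose description and becomes `REJECTED`, yet the `NOT-FOR-US: Mongoose` line is kept; a rejected ID needs no package classification, so the line is now dead weight and should be dropped to match how CVE-2022-1835 is recorded in this same change. If the prototype-pollution issue in lib/schema.js before 6.4.6 was re-issued under a different ID, a `NOTE:` pointing at it would be more useful than the leftover line.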
@@ -52150,8 +52248,8 @@ CVE-2022-22522
 	RESERVED
 CVE-2022-22521 (In Miele Benchmark Programming Tool with versions Prior to 1.2.71, exe ...)
 	NOT-FOR-US: Miele
-CVE-2022-22520
-	RESERVED
+CVE-2022-22520 (A remote, unauthenticated attacker can enumerate valid users by sendin ...)
+	TODO: check
 CVE-2022-22519 (A remote, unauthenticated attacker can send a specific crafted HTTP or ...)
 	NOT-FOR-US: CODESYS
 CVE-2022-22518 (A bug in CmpUserMgr component can lead to only partially applied secur ...)
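Review bot: CVE-2022-22520 (`A remote, unauthenticated attacker can enumerate valid users by sendin ...`) sits between CVE-2022-22519 and CVE-2022-22518, both classified `NOT-FOR-US: CODESYS`, and its description follows the same wording pattern as CVE-2022-22519; the `TODO: check` should confirm whether it belongs to the same CODESYS advisory batch and, if so, be classified the same way.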
@@ -53472,8 +53570,8 @@ CVE-2022-0031
 	RESERVED
 CVE-2022-0030
 	RESERVED
-CVE-2022-0029
-	RESERVED
+CVE-2022-0029 (An improper link resolution vulnerability in the Palo Alto Networks Co ...)
+	TODO: check
 CVE-2022-0028 (A PAN-OS URL filtering policy misconfiguration could allow a network-b ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2022-0027 (An improper authorization vulnerability in Palo Alto Network Cortex XS ...)
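Review bot: CVE-2022-0029 already names Palo Alto Networks in its truncated description and is neighboured by CVE-2022-0028 and CVE-2022-0027, both `NOT-FOR-US: Palo Alto Networks`; the `TODO: check` can likely be closed the same way once the full text confirms which product the cut-off `Co` refers to.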
@@ -66888,8 +66986,8 @@ CVE-2022-20366 (In ioctl_dpm_clk_update of lwis_ioctl.c, there is a possible out
 	NOT-FOR-US: Android
 CVE-2022-20365 (Product: AndroidVersions: Android kernelAndroid ID: A-229632566Referen ...)
 	NOT-FOR-US: Android
-CVE-2022-20364
-	RESERVED
+CVE-2022-20364 (In sysmmu_unmap of TBD, there is a possible out of bounds write due to ...)
+	TODO: check
 CVE-2022-20363
 	RESERVED
 CVE-2022-20362 (In Bluetooth, there is a possible out of bounds write due to an intege ...)
@@ -67154,8 +67252,8 @@ CVE-2022-20233 (In param_find_digests_internal and related functions of the Tita
 	NOT-FOR-US: Google Pixel
 CVE-2022-20232
 	RESERVED
-CVE-2022-20231
-	RESERVED
+CVE-2022-20231 (In smc_intc_request_fiq of arm_gic.c, there is a possible out of bound ...)
+	TODO: check
 CVE-2022-20230 (In choosePrivateKeyAlias of KeyChain.java, there is a possible access  ...)
 	NOT-FOR-US: Android
 CVE-2022-20229 (In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there i ...)
@@ -76761,8 +76859,8 @@ CVE-2021-38926 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server
 	NOT-FOR-US: IBM
 CVE-2021-38925 (IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0  ...)
 	NOT-FOR-US: IBM
-CVE-2021-38924
-	RESERVED
+CVE-2021-38924 (IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote a ...)
+	TODO: check
 CVE-2021-38923 (IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain ac ...)
 	NOT-FOR-US: IBM
 CVE-2021-38922
@@ -87497,7 +87595,7 @@ CVE-2021-34576 (In Kaden PICOFLUX Air in all known versions an information expos
 	NOT-FOR-US: Kaden PICOFLUX Air
 CVE-2021-34575 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0  ...)
 	NOT-FOR-US: MB connect line
-CVE-2021-34574 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0  ...)
+CVE-2021-34574 (In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and ...)
 	NOT-FOR-US: MB connect line
 CVE-2021-34573 (In Enbra EWM in Version 1.7.29 together with several tested wireless M ...)
 	NOT-FOR-US: Enbra EWM
@@ -123357,15 +123455,15 @@ CVE-2020-35573 (srs2.c in PostSRSd before 1.10 allows remote attackers to cause
 	- postsrsd 1.10-1
 	[buster] - postsrsd 1.5-2+deb10u1
 	NOTE: https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac (1.10)
-CVE-2020-35570 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+CVE-2020-35570 (An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24  ...)
 	NOT-FOR-US: MB CONNECT
 CVE-2020-35569 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
 	NOT-FOR-US: MB CONNECT
-CVE-2020-35568 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+CVE-2020-35568 (An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24  ...)
 	NOT-FOR-US: MB CONNECT
 CVE-2020-35567 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
 	NOT-FOR-US: MB CONNECT
-CVE-2020-35566 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+CVE-2020-35566 (An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24  ...)
 	NOT-FOR-US: MB CONNECT
 CVE-2020-35565 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
 	NOT-FOR-US: MB CONNECT
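Review bot: the updated descriptions for CVE-2020-35570, CVE-2020-35568 and CVE-2020-35566 now spell the vendor `MB connect line` and list `mbCONNECT24` as a separate product, while the classification lines beneath them still read `NOT-FOR-US: MB CONNECT`; elsewhere in the file the same vendor appears as `NOT-FOR-US: MB connect line` (CVE-2021-34574) and `NOT-FOR-US: MB connect software` (CVE-2020-12527). Three spellings for one vendor make grep-based audits of the list unreliable; consider normalising them in a follow-up commit.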
@@ -123375,15 +123473,15 @@ CVE-2020-35563 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbC
 	NOT-FOR-US: MB CONNECT
 CVE-2020-35562
 	RESERVED
-CVE-2020-35561 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+CVE-2020-35561 (An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and ...)
 	NOT-FOR-US: MB CONNECT
 CVE-2020-35560 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
 	NOT-FOR-US: MB CONNECT
 CVE-2020-35559 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
 	NOT-FOR-US: MB CONNECT
-CVE-2020-35558 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+CVE-2020-35558 (An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24  ...)
 	NOT-FOR-US: MB CONNECT
-CVE-2020-35557 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+CVE-2020-35557 (An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz my ...)
 	NOT-FOR-US: MB CONNECT
 CVE-2020-35556 (An issue was discovered in Acronis Cyber Protect before 15 Update 1 bu ...)
 	NOT-FOR-US: Acronis
@@ -172966,7 +173064,7 @@ CVE-2020-12529 (An issue was discovered in MB connect line mymbCONNECT24 and mbC
 	NOT-FOR-US: MB connect software
 CVE-2020-12528 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...)
 	NOT-FOR-US: MB connect software
-CVE-2020-12527 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...)
+CVE-2020-12527 (An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24  ...)
 	NOT-FOR-US: MB connect software
 CVE-2020-12526 (TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics U ...)
 	NOT-FOR-US: TwinCAT OPC UA Server



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a82a91788034eb82a720a328f9576de6fba1ad5c
