[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 15 09:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aae29227 by security tracker role at 2022-09-15T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...)
+ TODO: check
+CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer over-rea ...)
+ TODO: check
+CVE-2022-40736 (An issue was discovered in Bento4 1.6.0-639. There ie excessive memory ...)
+ TODO: check
+CVE-2022-40735
+ RESERVED
+CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 a ...)
+ TODO: check
+CVE-2022-40733
+ RESERVED
+CVE-2022-40732
+ RESERVED
+CVE-2022-40731
+ RESERVED
+CVE-2022-40730
+ RESERVED
+CVE-2022-40729
+ RESERVED
+CVE-2022-40728
+ RESERVED
+CVE-2022-40727
+ RESERVED
+CVE-2022-40726
+ RESERVED
+CVE-2022-40725
+ RESERVED
+CVE-2022-40724
+ RESERVED
+CVE-2022-40723
+ RESERVED
+CVE-2022-40722
+ RESERVED
+CVE-2022-40721
+ RESERVED
+CVE-2022-40720
+ RESERVED
+CVE-2022-40719
+ RESERVED
+CVE-2022-40718
+ RESERVED
+CVE-2022-40717
+ RESERVED
+CVE-2022-40716
+ RESERVED
+CVE-2022-40715
+ RESERVED
+CVE-2022-40714
+ RESERVED
+CVE-2022-40713
+ RESERVED
+CVE-2022-40712
+ RESERVED
+CVE-2022-40711
+ RESERVED
+CVE-2022-40710
+ RESERVED
+CVE-2022-40709
+ RESERVED
+CVE-2022-40708
+ RESERVED
+CVE-2022-40707
+ RESERVED
+CVE-2022-3219
+ RESERVED
+CVE-2022-3218
+ RESERVED
+CVE-2022-3217
+ RESERVED
+CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ...)
+ TODO: check
CVE-2022-40706
RESERVED
CVE-2022-40705
@@ -80,8 +152,8 @@ CVE-2022-35238
RESERVED
CVE-2022-33978
RESERVED
-CVE-2022-3216
- RESERVED
+CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and classifi ...)
+ TODO: check
CVE-2022-3215
RESERVED
CVE-2022-3214
@@ -94,8 +166,8 @@ CVE-2022-3211
RESERVED
CVE-2022-30545
RESERVED
-CVE-2020-36603
- RESERVED
+CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 an ...)
+ TODO: check
CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent function i ...)
- expat <unfixed> (bug #1019761)
NOTE: https://github.com/libexpat/libexpat/pull/629
@@ -175,8 +247,8 @@ CVE-2022-40636
RESERVED
CVE-2022-3210
RESERVED
-CVE-2022-31735
- RESERVED
+CVE-2022-31735 (OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium ...)
+ TODO: check
CVE-2021-46838
RESERVED
CVE-2022-40635 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
@@ -598,8 +670,8 @@ CVE-2022-40478
RESERVED
CVE-2022-40477
RESERVED
-CVE-2022-40476
- RESERVED
+CVE-2022-40476 (A null pointer dereference issue was discovered in fs/io_uring.c in th ...)
+ TODO: check
CVE-2022-40475
RESERVED
CVE-2022-40474
@@ -672,10 +744,10 @@ CVE-2022-40441
RESERVED
CVE-2022-40440
RESERVED
-CVE-2022-40439
- RESERVED
-CVE-2022-40438
- RESERVED
+CVE-2022-40439 (An memory leak issue was discovered in AP4_StdcFileByteStream::Create ...)
+ TODO: check
+CVE-2022-40438 (Buffer overflow vulnerability in function AP4_MemoryByteStream::WriteP ...)
+ TODO: check
CVE-2022-40437
RESERVED
CVE-2022-40436
@@ -820,8 +892,8 @@ CVE-2022-40367
RESERVED
CVE-2022-40366
RESERVED
-CVE-2022-40365
- RESERVED
+CVE-2022-40365 (Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5 ...)
+ TODO: check
CVE-2022-40364
RESERVED
CVE-2022-40363
@@ -4745,8 +4817,8 @@ CVE-2022-38718
RESERVED
CVE-2022-38717
RESERVED
-CVE-2022-2977
- RESERVED
+CVE-2022-2977 (A flaw was found in the Linux kernel implementation of proxied virtual ...)
+ TODO: check
CVE-2022-2976
RESERVED
CVE-2022-2975
@@ -5121,10 +5193,10 @@ CVE-2022-38597
RESERVED
CVE-2022-38596
RESERVED
-CVE-2022-38595
- RESERVED
-CVE-2022-38594
- RESERVED
+CVE-2022-38595 (Church Management System v1.0 was discovered to contain a SQL injectio ...)
+ TODO: check
+CVE-2022-38594 (Church Management System v1.0 was discovered to contain a SQL injectio ...)
+ TODO: check
CVE-2022-38593
RESERVED
CVE-2022-38592
@@ -5992,8 +6064,8 @@ CVE-2022-38354
RESERVED
CVE-2022-38353
RESERVED
-CVE-2022-38352
- RESERVED
+CVE-2022-38352 (ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerabi ...)
+ TODO: check
CVE-2022-38351
RESERVED
CVE-2022-38350
@@ -6050,8 +6122,8 @@ CVE-2022-38325
RESERVED
CVE-2022-38324
RESERVED
-CVE-2022-38323
- RESERVED
+CVE-2022-38323 (Event Management System v1.0 was discovered to contain an arbitrary fi ...)
+ TODO: check
CVE-2022-38322
RESERVED
CVE-2022-38321
@@ -6080,8 +6152,8 @@ CVE-2022-38310 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered t
NOT-FOR-US: Tenda
CVE-2022-38309 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
NOT-FOR-US: Tenda
-CVE-2022-38308
- RESERVED
+CVE-2022-38308 (TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a comm ...)
+ TODO: check
CVE-2022-38307 (LIEF commit 5d1d643 was discovered to contain a segmentation violation ...)
NOT-FOR-US: LIEF
CVE-2022-38306 (LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow i ...)
@@ -6114,8 +6186,8 @@ CVE-2022-38303 (Online Leave Management System v1.0 was discovered to contain a
NOT-FOR-US: Online Leave Management System
CVE-2022-38302 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
NOT-FOR-US: Online Leave Management System
-CVE-2022-38301
- RESERVED
+CVE-2022-38301 (Onedev v7.4.14 contains a path traversal vulnerability which allows at ...)
+ TODO: check
CVE-2022-38300
RESERVED
CVE-2022-38299 (An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attack ...)
@@ -7551,8 +7623,8 @@ CVE-2022-37726
RESERVED
CVE-2022-37725
RESERVED
-CVE-2022-37724
- RESERVED
+CVE-2022-37724 (Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary ...)
+ TODO: check
CVE-2022-37723
RESERVED
CVE-2022-37722
@@ -11893,8 +11965,8 @@ CVE-2022-36058 (Elrond go is the go implementation for the Elrond Network protoc
NOT-FOR-US: Elrond go
CVE-2022-36057 (Discourse-Chat is an asynchronous messaging plugin for the Discourse o ...)
NOT-FOR-US: Discourse-Chat
-CVE-2022-36056
- RESERVED
+CVE-2022-36056 (Cosign is a project under the sigstore organization which aims to make ...)
+ TODO: check
CVE-2022-36055 (Helm is a tool for managing Charts. Charts are packages of pre-configu ...)
- helm-kubernetes <itp> (bug #910799)
CVE-2022-36054 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
@@ -19268,6 +19340,7 @@ CVE-2022-2080 (The Sensei LMS WordPress plugin before 4.5.2 does not ensure that
CVE-2022-2079 (Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb ...)
NOT-FOR-US: nocodb
CVE-2022-2078 (A vulnerability was found in the Linux kernel's nft_set_desc_concat_pa ...)
+ {DSA-5161-1}
- linux 5.18.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -35553,7 +35626,7 @@ CVE-2022-1050 (A flaw was found in the QEMU implementation of VMWare's paravirtu
[stretch] - qemu <not-affected> (rdma devices introduced in v2.12)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05197.html
CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The pcs da ...)
- {DSA-5226-1}
+ {DSA-5226-1 DLA-3108-1}
- pcs 0.11.3-1
[stretch] - pcs <not-affected> (Vulnerable code introduced later, ./pcs/daemon/ not present)
NOTE: https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5
@@ -222146,6 +222219,7 @@ CVE-2019-14435
CVE-2019-14434
RESERVED
CVE-2019-14433 (An issue was discovered in OpenStack Nova before 17.0.12, 18.x before ...)
+ {DLA-3109-1}
- nova 2:19.0.2-1 (low; bug #934114)
[stretch] - nova <no-dsa> (Minor issue)
[jessie] - nova <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aae29227e7b2733662d4c6a777d1dfd9686a1ab2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aae29227e7b2733662d4c6a777d1dfd9686a1ab2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220915/18ef13a5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list