[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 15 09:10:26 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aae29227 by security tracker role at 2022-09-15T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...)
+	TODO: check
+CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer over-rea ...)
+	TODO: check
+CVE-2022-40736 (An issue was discovered in Bento4 1.6.0-639. There ie excessive memory ...)
+	TODO: check
+CVE-2022-40735
+	RESERVED
+CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 a ...)
+	TODO: check
+CVE-2022-40733
+	RESERVED
+CVE-2022-40732
+	RESERVED
+CVE-2022-40731
+	RESERVED
+CVE-2022-40730
+	RESERVED
+CVE-2022-40729
+	RESERVED
+CVE-2022-40728
+	RESERVED
+CVE-2022-40727
+	RESERVED
+CVE-2022-40726
+	RESERVED
+CVE-2022-40725
+	RESERVED
+CVE-2022-40724
+	RESERVED
+CVE-2022-40723
+	RESERVED
+CVE-2022-40722
+	RESERVED
+CVE-2022-40721
+	RESERVED
+CVE-2022-40720
+	RESERVED
+CVE-2022-40719
+	RESERVED
+CVE-2022-40718
+	RESERVED
+CVE-2022-40717
+	RESERVED
+CVE-2022-40716
+	RESERVED
+CVE-2022-40715
+	RESERVED
+CVE-2022-40714
+	RESERVED
+CVE-2022-40713
+	RESERVED
+CVE-2022-40712
+	RESERVED
+CVE-2022-40711
+	RESERVED
+CVE-2022-40710
+	RESERVED
+CVE-2022-40709
+	RESERVED
+CVE-2022-40708
+	RESERVED
+CVE-2022-40707
+	RESERVED
+CVE-2022-3219
+	RESERVED
+CVE-2022-3218
+	RESERVED
+CVE-2022-3217
+	RESERVED
+CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ...)
+	TODO: check
 CVE-2022-40706
 	RESERVED
 CVE-2022-40705
@@ -80,8 +152,8 @@ CVE-2022-35238
 	RESERVED
 CVE-2022-33978
 	RESERVED
-CVE-2022-3216
-	RESERVED
+CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and classifi ...)
+	TODO: check
 CVE-2022-3215
 	RESERVED
 CVE-2022-3214
@@ -94,8 +166,8 @@ CVE-2022-3211
 	RESERVED
 CVE-2022-30545
 	RESERVED
-CVE-2020-36603
-	RESERVED
+CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 an ...)
+	TODO: check
 CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent function i ...)
 	- expat <unfixed> (bug #1019761)
 	NOTE: https://github.com/libexpat/libexpat/pull/629
@@ -175,8 +247,8 @@ CVE-2022-40636
 	RESERVED
 CVE-2022-3210
 	RESERVED
-CVE-2022-31735
-	RESERVED
+CVE-2022-31735 (OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium ...)
+	TODO: check
 CVE-2021-46838
 	RESERVED
 CVE-2022-40635 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
@@ -598,8 +670,8 @@ CVE-2022-40478
 	RESERVED
 CVE-2022-40477
 	RESERVED
-CVE-2022-40476
-	RESERVED
+CVE-2022-40476 (A null pointer dereference issue was discovered in fs/io_uring.c in th ...)
+	TODO: check
 CVE-2022-40475
 	RESERVED
 CVE-2022-40474
@@ -672,10 +744,10 @@ CVE-2022-40441
 	RESERVED
 CVE-2022-40440
 	RESERVED
-CVE-2022-40439
-	RESERVED
-CVE-2022-40438
-	RESERVED
+CVE-2022-40439 (An memory leak issue was discovered in AP4_StdcFileByteStream::Create  ...)
+	TODO: check
+CVE-2022-40438 (Buffer overflow vulnerability in function AP4_MemoryByteStream::WriteP ...)
+	TODO: check
 CVE-2022-40437
 	RESERVED
 CVE-2022-40436
@@ -820,8 +892,8 @@ CVE-2022-40367
 	RESERVED
 CVE-2022-40366
 	RESERVED
-CVE-2022-40365
-	RESERVED
+CVE-2022-40365 (Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5 ...)
+	TODO: check
 CVE-2022-40364
 	RESERVED
 CVE-2022-40363
@@ -4745,8 +4817,8 @@ CVE-2022-38718
 	RESERVED
 CVE-2022-38717
 	RESERVED
-CVE-2022-2977
-	RESERVED
+CVE-2022-2977 (A flaw was found in the Linux kernel implementation of proxied virtual ...)
+	TODO: check
 CVE-2022-2976
 	RESERVED
 CVE-2022-2975
@@ -5121,10 +5193,10 @@ CVE-2022-38597
 	RESERVED
 CVE-2022-38596
 	RESERVED
-CVE-2022-38595
-	RESERVED
-CVE-2022-38594
-	RESERVED
+CVE-2022-38595 (Church Management System v1.0 was discovered to contain a SQL injectio ...)
+	TODO: check
+CVE-2022-38594 (Church Management System v1.0 was discovered to contain a SQL injectio ...)
+	TODO: check
 CVE-2022-38593
 	RESERVED
 CVE-2022-38592
@@ -5992,8 +6064,8 @@ CVE-2022-38354
 	RESERVED
 CVE-2022-38353
 	RESERVED
-CVE-2022-38352
-	RESERVED
+CVE-2022-38352 (ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerabi ...)
+	TODO: check
 CVE-2022-38351
 	RESERVED
 CVE-2022-38350
@@ -6050,8 +6122,8 @@ CVE-2022-38325
 	RESERVED
 CVE-2022-38324
 	RESERVED
-CVE-2022-38323
-	RESERVED
+CVE-2022-38323 (Event Management System v1.0 was discovered to contain an arbitrary fi ...)
+	TODO: check
 CVE-2022-38322
 	RESERVED
 CVE-2022-38321
@@ -6080,8 +6152,8 @@ CVE-2022-38310 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered t
 	NOT-FOR-US: Tenda
 CVE-2022-38309 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
 	NOT-FOR-US: Tenda
-CVE-2022-38308
-	RESERVED
+CVE-2022-38308 (TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a comm ...)
+	TODO: check
 CVE-2022-38307 (LIEF commit 5d1d643 was discovered to contain a segmentation violation ...)
 	NOT-FOR-US: LIEF
 CVE-2022-38306 (LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow i ...)
@@ -6114,8 +6186,8 @@ CVE-2022-38303 (Online Leave Management System v1.0 was discovered to contain a
 	NOT-FOR-US: Online Leave Management System
 CVE-2022-38302 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
 	NOT-FOR-US: Online Leave Management System
-CVE-2022-38301
-	RESERVED
+CVE-2022-38301 (Onedev v7.4.14 contains a path traversal vulnerability which allows at ...)
+	TODO: check
 CVE-2022-38300
 	RESERVED
 CVE-2022-38299 (An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attack ...)
@@ -7551,8 +7623,8 @@ CVE-2022-37726
 	RESERVED
 CVE-2022-37725
 	RESERVED
-CVE-2022-37724
-	RESERVED
+CVE-2022-37724 (Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary ...)
+	TODO: check
 CVE-2022-37723
 	RESERVED
 CVE-2022-37722
@@ -11893,8 +11965,8 @@ CVE-2022-36058 (Elrond go is the go implementation for the Elrond Network protoc
 	NOT-FOR-US: Elrond go
 CVE-2022-36057 (Discourse-Chat is an asynchronous messaging plugin for the Discourse o ...)
 	NOT-FOR-US: Discourse-Chat
-CVE-2022-36056
-	RESERVED
+CVE-2022-36056 (Cosign is a project under the sigstore organization which aims to make ...)
+	TODO: check
 CVE-2022-36055 (Helm is a tool for managing Charts. Charts are packages of pre-configu ...)
 	- helm-kubernetes <itp> (bug #910799)
 CVE-2022-36054 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
@@ -19268,6 +19340,7 @@ CVE-2022-2080 (The Sensei LMS WordPress plugin before 4.5.2 does not ensure that
 CVE-2022-2079 (Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb ...)
 	NOT-FOR-US: nocodb
 CVE-2022-2078 (A vulnerability was found in the Linux kernel's nft_set_desc_concat_pa ...)
+	{DSA-5161-1}
 	- linux 5.18.2-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -35553,7 +35626,7 @@ CVE-2022-1050 (A flaw was found in the QEMU implementation of VMWare's paravirtu
 	[stretch] - qemu <not-affected> (rdma devices introduced in v2.12)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05197.html
 CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The pcs da ...)
-	{DSA-5226-1}
+	{DSA-5226-1 DLA-3108-1}
 	- pcs 0.11.3-1
 	[stretch] - pcs <not-affected> (Vulnerable code introduced later, ./pcs/daemon/ not present)
 	NOTE: https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5
@@ -222146,6 +222219,7 @@ CVE-2019-14435
 CVE-2019-14434
 	RESERVED
 CVE-2019-14433 (An issue was discovered in OpenStack Nova before 17.0.12, 18.x before  ...)
+	{DLA-3109-1}
 	- nova 2:19.0.2-1 (low; bug #934114)
 	[stretch] - nova <no-dsa> (Minor issue)
 	[jessie] - nova <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aae29227e7b2733662d4c6a777d1dfd9686a1ab2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aae29227e7b2733662d4c6a777d1dfd9686a1ab2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220915/18ef13a5/attachment.htm>


More information about the debian-security-tracker-commits mailing list