[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 15 21:10:31 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62e83737 by security tracker role at 2022-09-15T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2022-40742
+	RESERVED
+CVE-2022-40741
+	RESERVED
+CVE-2022-40740
+	RESERVED
+CVE-2022-40739
+	RESERVED
+CVE-2022-3227
+	RESERVED
+CVE-2022-3226
+	RESERVED
+CVE-2022-3225
+	RESERVED
+CVE-2022-3224 (Misinterpretation of Input in GitHub repository ionicabizau/parse-url  ...)
+	TODO: check
+CVE-2022-3223
+	RESERVED
+CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...)
+	TODO: check
+CVE-2022-3221 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
+	TODO: check
+CVE-2022-3220
+	RESERVED
 CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...)
 	NOT-FOR-US: Bento4
 CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer over-rea ...)
@@ -166,8 +190,8 @@ CVE-2022-3213
 	RESERVED
 CVE-2022-3212 (<bytes::Bytes as axum_core::extract::FromRequest>::from_request  ...)
 	TODO: check
-CVE-2022-3211
-	RESERVED
+CVE-2022-3211 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+	TODO: check
 CVE-2022-30545
 	RESERVED
 CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 an ...)
@@ -193,62 +217,62 @@ CVE-2022-40665
 	RESERVED
 CVE-2022-40664
 	RESERVED
-CVE-2022-40663
-	RESERVED
-CVE-2022-40662
-	RESERVED
-CVE-2022-40661
-	RESERVED
-CVE-2022-40660
-	RESERVED
-CVE-2022-40659
-	RESERVED
-CVE-2022-40658
-	RESERVED
-CVE-2022-40657
-	RESERVED
-CVE-2022-40656
-	RESERVED
-CVE-2022-40655
-	RESERVED
-CVE-2022-40654
-	RESERVED
-CVE-2022-40653
-	RESERVED
-CVE-2022-40652
-	RESERVED
-CVE-2022-40651
-	RESERVED
-CVE-2022-40650
-	RESERVED
-CVE-2022-40649
-	RESERVED
-CVE-2022-40648
-	RESERVED
-CVE-2022-40647
-	RESERVED
-CVE-2022-40646
-	RESERVED
-CVE-2022-40645
-	RESERVED
-CVE-2022-40644
-	RESERVED
-CVE-2022-40643
-	RESERVED
-CVE-2022-40642
-	RESERVED
-CVE-2022-40641
-	RESERVED
-CVE-2022-40640
-	RESERVED
-CVE-2022-40639
-	RESERVED
-CVE-2022-40638
-	RESERVED
-CVE-2022-40637
-	RESERVED
-CVE-2022-40636
-	RESERVED
+CVE-2022-40663 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40662 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40661 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40660 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40659 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40658 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40657 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40656 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40655 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40654 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40653 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40652 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40651 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40650 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40649 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40648 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40647 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40646 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40642 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40641 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40640 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40637 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-40636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2022-3210
 	RESERVED
 CVE-2022-31735 (OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium ...)
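Review bot: the 28 entries CVE-2022-40636 through CVE-2022-40663 all move from RESERVED to TODO: check with the same description, cut at "execute arbitrary code o ...", so the affected product cannot be read from this list. Whoever clears these TODOs should pull the full descriptions first and, if they turn out to share one product, triage them in a single follow-up commit with one consistent NOT-FOR-US or package line rather than entry by entry.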
@@ -288,30 +312,37 @@ CVE-2022-3202 (A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Jo
 	NOTE: https://git.kernel.org/linus/a53046291020ec41e09181396c1e829287b48d47 (5.18-rc1)
 CVE-2022-3201
 	RESERVED
+	{DSA-5230-1}
 	- chromium 105.0.5195.125-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3200
 	RESERVED
+	{DSA-5230-1}
 	- chromium 105.0.5195.125-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3199
 	RESERVED
+	{DSA-5230-1}
 	- chromium 105.0.5195.125-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3198
 	RESERVED
+	{DSA-5230-1}
 	- chromium 105.0.5195.125-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3197
 	RESERVED
+	{DSA-5230-1}
 	- chromium 105.0.5195.125-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3196
 	RESERVED
+	{DSA-5230-1}
 	- chromium 105.0.5195.125-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3195
 	RESERVED
+	{DSA-5230-1}
 	- chromium 105.0.5195.125-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3194
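Review bot: CVE-2022-3195 through CVE-2022-3201 now carry {DSA-5230-1} and a fixed chromium version while their status line is still RESERVED, so these seven entries have an advisory but no description. The cross-reference is placed the same way in all seven, between the status line and the package lines; the hunk's context ends at CVE-2022-3194, so confirm separately whether that entry belongs to the same advisory.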
@@ -1031,8 +1062,8 @@ CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel sound
 CVE-2022-40307 (An issue was discovered in the Linux kernel through 5.19.8. drivers/fi ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95
-CVE-2022-40306
-	RESERVED
+CVE-2022-40306 (The login form /Login in ECi Printanista Hub (formerly FMAudit Printsc ...)
+	TODO: check
 CVE-2022-40305 (A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 al ...)
 	NOT-FOR-US: Canto Cumulus
 CVE-2022-40304
@@ -3398,8 +3429,8 @@ CVE-2022-39211
 	RESERVED
 CVE-2022-39210
 	RESERVED
-CVE-2022-39209
-	RESERVED
+CVE-2022-39209 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
+	TODO: check
 CVE-2022-39208 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...)
 	NOT-FOR-US: Onedev
 CVE-2022-39207 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...)
@@ -4273,8 +4304,8 @@ CVE-2022-38892
 	RESERVED
 CVE-2022-38891
 	RESERVED
-CVE-2022-38890
-	RESERVED
+CVE-2022-38890 (Nginx NJS v0.7.7 was discovered to contain a segmentation violation vi ...)
+	TODO: check
 CVE-2022-38889
 	RESERVED
 CVE-2022-38888
@@ -4321,40 +4352,40 @@ CVE-2022-38868
 	RESERVED
 CVE-2022-38867
 	RESERVED
-CVE-2022-38866
-	RESERVED
-CVE-2022-38865
-	RESERVED
-CVE-2022-38864
-	RESERVED
-CVE-2022-38863
-	RESERVED
-CVE-2022-38862
-	RESERVED
-CVE-2022-38861
-	RESERVED
-CVE-2022-38860
-	RESERVED
+CVE-2022-38866 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+	TODO: check
+CVE-2022-38865 (Certain The MPlayer Project products are vulnerable to Divide By Zero  ...)
+	TODO: check
+CVE-2022-38864 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+	TODO: check
+CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+	TODO: check
+CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+	TODO: check
+CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory  ...)
+	TODO: check
+CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide By Zero  ...)
+	TODO: check
 CVE-2022-38859
 	RESERVED
-CVE-2022-38858
-	RESERVED
+CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+	TODO: check
 CVE-2022-38857
 	RESERVED
-CVE-2022-38856
-	RESERVED
-CVE-2022-38855
-	RESERVED
+CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+	TODO: check
+CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+	TODO: check
 CVE-2022-38854
 	RESERVED
-CVE-2022-38853
-	RESERVED
+CVE-2022-38853 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+	TODO: check
 CVE-2022-38852
 	RESERVED
-CVE-2022-38851
-	RESERVED
-CVE-2022-38850
-	RESERVED
+CVE-2022-38851 (Certain The MPlayer Project products are vulnerable to Out-of-bounds R ...)
+	TODO: check
+CVE-2022-38850 (The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide ...)
+	TODO: check
 CVE-2022-38849
 	RESERVED
 CVE-2022-38848
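Review bot: the 13 MPlayer Project entries added here (CVE-2022-38850 to CVE-2022-38866, with gaps) are truncated before the affected file or function, and eight of them share the prefix "Certain The MPlayer Project products are vulnerable to Buffer Overflow", so duplicates cannot be ruled out from the list alone. Triage should compare the full descriptions and group entries that point at the same code before replacing TODO: check; only CVE-2022-38861 (mplayer) and CVE-2022-38850 (mencoder) name a specific binary and version in the visible text.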
@@ -4545,10 +4576,10 @@ CVE-2022-38791 (In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds
 	NOTE: MariaDB fixed in 10.3.36, 10.5.17, 10.6.9
 CVE-2022-38790 (Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting ( ...)
 	NOT-FOR-US: Weave GitOps Enterprise
-CVE-2022-38789
-	RESERVED
-CVE-2022-38788
-	RESERVED
+CVE-2022-38789 (An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It a ...)
+	TODO: check
+CVE-2022-38788 (An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00 ...)
+	TODO: check
 CVE-2022-3018
 	RESERVED
 CVE-2022-3017 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...)
@@ -4623,8 +4654,8 @@ CVE-2022-3003
 	RESERVED
 CVE-2022-3002
 	RESERVED
-CVE-2022-3001
-	RESERVED
+CVE-2022-3001 (This vulnerability exists in Milesight Video Management Systems (VMS), ...)
+	TODO: check
 CVE-2022-3000
 	RESERVED
 CVE-2022-38772 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
@@ -5192,8 +5223,8 @@ CVE-2022-38602
 	RESERVED
 CVE-2022-38601
 	RESERVED
-CVE-2022-38600
-	RESERVED
+CVE-2022-38600 (Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf ...)
+	TODO: check
 CVE-2022-38599
 	RESERVED
 CVE-2022-38598
@@ -5322,10 +5353,10 @@ CVE-2022-38537 (Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL
 	NOT-FOR-US: Archery
 CVE-2022-38536
 	RESERVED
-CVE-2022-38535
-	RESERVED
-CVE-2022-38534
-	RESERVED
+CVE-2022-38535 (TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code exe ...)
+	TODO: check
+CVE-2022-38534 (TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code exe ...)
+	TODO: check
 CVE-2022-38533 (In GNU Binutils before 2.40, there is a heap-buffer-overflow in the er ...)
 	- binutils <unfixed> (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29482
@@ -6125,10 +6156,10 @@ CVE-2022-38328
 	RESERVED
 CVE-2022-38327
 	RESERVED
-CVE-2022-38326
-	RESERVED
-CVE-2022-38325
-	RESERVED
+CVE-2022-38326 (Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03. ...)
+	TODO: check
+CVE-2022-38325 (Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03. ...)
+	TODO: check
 CVE-2022-38324
 	RESERVED
 CVE-2022-38323 (Event Management System v1.0 was discovered to contain an arbitrary fi ...)
@@ -7343,8 +7374,8 @@ CVE-2022-37863
 	RESERVED
 CVE-2022-37862
 	RESERVED
-CVE-2022-37861
-	RESERVED
+CVE-2022-37861 (There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 ...)
+	TODO: check
 CVE-2022-37860 (The web configuration interface of the TP-Link M7350 V3 with firmware  ...)
 	NOT-FOR-US: TP-Link
 CVE-2022-37859
@@ -8899,26 +8930,26 @@ CVE-2022-37268
 	RESERVED
 CVE-2022-37267
 	RESERVED
-CVE-2022-37266
-	RESERVED
+CVE-2022-37266 (Prototype pollution vulnerability in function extend in babel.js in st ...)
+	TODO: check
 CVE-2022-37265
 	RESERVED
-CVE-2022-37264
-	RESERVED
+CVE-2022-37264 (Prototype pollution vulnerability in stealjs steal 2.2.4 via the optio ...)
+	TODO: check
 CVE-2022-37263
 	RESERVED
-CVE-2022-37262
-	RESERVED
+CVE-2022-37262 (A Regular Expression Denial of Service (ReDoS) flaw was found in steal ...)
+	TODO: check
 CVE-2022-37261
 	RESERVED
-CVE-2022-37260
-	RESERVED
+CVE-2022-37260 (A Regular Expression Denial of Service (ReDoS) flaw was found in steal ...)
+	TODO: check
 CVE-2022-37259
 	RESERVED
 CVE-2022-37258
 	RESERVED
-CVE-2022-37257
-	RESERVED
+CVE-2022-37257 (Prototype pollution vulnerability in function convertLater in npm-conv ...)
+	TODO: check
 CVE-2022-37256
 	RESERVED
 CVE-2022-37255
@@ -9017,8 +9048,8 @@ CVE-2022-37209
 	RESERVED
 CVE-2022-37208
 	RESERVED
-CVE-2022-37207
-	RESERVED
+CVE-2022-37207 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...)
+	TODO: check
 CVE-2022-37206
 	RESERVED
 CVE-2022-37205
@@ -9029,8 +9060,8 @@ CVE-2022-37203
 	RESERVED
 CVE-2022-37202
 	RESERVED
-CVE-2022-37201
-	RESERVED
+CVE-2022-37201 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. ...)
+	TODO: check
 CVE-2022-37200
 	RESERVED
 CVE-2022-37199 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system ...)
@@ -11343,10 +11374,10 @@ CVE-2022-2474
 	RESERVED
 CVE-2022-2473 (The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-S ...)
 	NOT-FOR-US: WP-UserOnline plugin for WordPress
-CVE-2022-2472
-	RESERVED
-CVE-2022-2471
-	RESERVED
+CVE-2022-2472 (Improper Initialization vulnerability in the local server component of ...)
+	TODO: check
+CVE-2022-2471 (Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detectio ...)
+	TODO: check
 CVE-2022-2470 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
 	NOT-FOR-US: microweber
 CVE-2022-2469 (GNU SASL libgsasl server-side read-out-of-bounds with malicious authen ...)
@@ -24906,8 +24937,7 @@ CVE-2022-1800 (The Export any WordPress data to XML/CSV WordPress plugin before
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1799 (Incorrect signature trust exists within Google Play services SDK play- ...)
 	NOT-FOR-US: Google Play
-CVE-2022-1798
-	RESERVED
+CVE-2022-1798 (A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0. ...)
 	NOT-FOR-US: KubeVirt
 CVE-2022-31215 (In certain Goverlan products, the Windows Firewall is temporarily turn ...)
 	NOT-FOR-US: Goverlan
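Review bot: CVE-2022-1798 is the one entry in the hunks shown whose RESERVED line is replaced by a description without a TODO: check being added, because NOT-FOR-US: KubeVirt was already recorded under it. That triage was written before the description was available, so it is worth re-reading it against the now published text (a path traversal in KubeVirt) to confirm it still holds; the visible lines give no reason to change it.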
@@ -29670,8 +29700,8 @@ CVE-2022-29651 (An arbitrary file upload vulnerability in the Select Image funct
 	NOT-FOR-US: Online Food Ordering System
 CVE-2022-29650 (Online Food Ordering System v1.0 was discovered to contain a SQL injec ...)
 	NOT-FOR-US: Online Food Ordering System
-CVE-2022-29649
-	RESERVED
+CVE-2022-29649 (Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (X ...)
+	TODO: check
 CVE-2022-29648 (A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows ...)
 	NOT-FOR-US: Jfinal CMS
 CVE-2022-29647 (An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability t ...)
@@ -60156,8 +60186,8 @@ CVE-2021-3987
 	RESERVED
 CVE-2021-3986
 	RESERVED
-CVE-2021-44076
-	RESERVED
+CVE-2021-44076 (An issue was discovered in CrushFTP 9. The creation of a new user thro ...)
+	TODO: check
 CVE-2021-44075
 	RESERVED
 CVE-2021-44074
@@ -71761,6 +71791,7 @@ CVE-2021-40987 (A remote arbitrary command execution vulnerability was discovere
 CVE-2021-40986 (A remote arbitrary command execution vulnerability was discovered in A ...)
 	NOT-FOR-US: Aruba
 CVE-2021-3800 (A flaw was found in glib before version 2.63.6. Due to random charset  ...)
+	{DLA-3110-1}
 	- glib2.0 2.64.0-1
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a519959a5d9cb787404296322618a1 (2.63.6)
 	NOTE: https://www.openwall.com/lists/oss-security/2017/06/23/8



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62e83737de978b6e720bf05f714e43b80847f466
