[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 20 09:10:27 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c2e296ee by security tracker role at 2022-09-20T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,207 @@
+CVE-2022-41131
+ RESERVED
+CVE-2022-41130
+ RESERVED
+CVE-2022-41129
+ RESERVED
+CVE-2022-41128
+ RESERVED
+CVE-2022-41127
+ RESERVED
+CVE-2022-41126
+ RESERVED
+CVE-2022-41125
+ RESERVED
+CVE-2022-41124
+ RESERVED
+CVE-2022-41123
+ RESERVED
+CVE-2022-41122
+ RESERVED
+CVE-2022-41121
+ RESERVED
+CVE-2022-41120
+ RESERVED
+CVE-2022-41119
+ RESERVED
+CVE-2022-41118
+ RESERVED
+CVE-2022-41117
+ RESERVED
+CVE-2022-41116
+ RESERVED
+CVE-2022-41115
+ RESERVED
+CVE-2022-41114
+ RESERVED
+CVE-2022-41113
+ RESERVED
+CVE-2022-41112
+ RESERVED
+CVE-2022-41111
+ RESERVED
+CVE-2022-41110
+ RESERVED
+CVE-2022-41109
+ RESERVED
+CVE-2022-41108
+ RESERVED
+CVE-2022-41107
+ RESERVED
+CVE-2022-41106
+ RESERVED
+CVE-2022-41105
+ RESERVED
+CVE-2022-41104
+ RESERVED
+CVE-2022-41103
+ RESERVED
+CVE-2022-41102
+ RESERVED
+CVE-2022-41101
+ RESERVED
+CVE-2022-41100
+ RESERVED
+CVE-2022-41099
+ RESERVED
+CVE-2022-41098
+ RESERVED
+CVE-2022-41097
+ RESERVED
+CVE-2022-41096
+ RESERVED
+CVE-2022-41095
+ RESERVED
+CVE-2022-41094
+ RESERVED
+CVE-2022-41093
+ RESERVED
+CVE-2022-41092
+ RESERVED
+CVE-2022-41091
+ RESERVED
+CVE-2022-41090
+ RESERVED
+CVE-2022-41089
+ RESERVED
+CVE-2022-41088
+ RESERVED
+CVE-2022-41087
+ RESERVED
+CVE-2022-41086
+ RESERVED
+CVE-2022-41085
+ RESERVED
+CVE-2022-41084
+ RESERVED
+CVE-2022-41083
+ RESERVED
+CVE-2022-41082
+ RESERVED
+CVE-2022-41081
+ RESERVED
+CVE-2022-41080
+ RESERVED
+CVE-2022-41079
+ RESERVED
+CVE-2022-41078
+ RESERVED
+CVE-2022-41077
+ RESERVED
+CVE-2022-41076
+ RESERVED
+CVE-2022-41075
+ RESERVED
+CVE-2022-41074
+ RESERVED
+CVE-2022-41073
+ RESERVED
+CVE-2022-41072
+ RESERVED
+CVE-2022-41071
+ RESERVED
+CVE-2022-41070
+ RESERVED
+CVE-2022-41069
+ RESERVED
+CVE-2022-41068
+ RESERVED
+CVE-2022-41067
+ RESERVED
+CVE-2022-41066
+ RESERVED
+CVE-2022-41065
+ RESERVED
+CVE-2022-41064
+ RESERVED
+CVE-2022-41063
+ RESERVED
+CVE-2022-41062
+ RESERVED
+CVE-2022-41061
+ RESERVED
+CVE-2022-41060
+ RESERVED
+CVE-2022-41059
+ RESERVED
+CVE-2022-41058
+ RESERVED
+CVE-2022-41057
+ RESERVED
+CVE-2022-41056
+ RESERVED
+CVE-2022-41055
+ RESERVED
+CVE-2022-41054
+ RESERVED
+CVE-2022-41053
+ RESERVED
+CVE-2022-41052
+ RESERVED
+CVE-2022-41051
+ RESERVED
+CVE-2022-41050
+ RESERVED
+CVE-2022-41049
+ RESERVED
+CVE-2022-41048
+ RESERVED
+CVE-2022-41047
+ RESERVED
+CVE-2022-41046
+ RESERVED
+CVE-2022-41045
+ RESERVED
+CVE-2022-41044
+ RESERVED
+CVE-2022-41043
+ RESERVED
+CVE-2022-41042
+ RESERVED
+CVE-2022-41041
+ RESERVED
+CVE-2022-41040
+ RESERVED
+CVE-2022-41039
+ RESERVED
+CVE-2022-41038
+ RESERVED
+CVE-2022-41037
+ RESERVED
+CVE-2022-41036
+ RESERVED
+CVE-2022-41035
+ RESERVED
+CVE-2022-41034
+ RESERVED
+CVE-2022-41033
+ RESERVED
+CVE-2022-41032
+ RESERVED
+CVE-2022-41031
+ RESERVED
+CVE-2022-40129
+ RESERVED
CVE-2022-41030
RESERVED
CVE-2022-41029
@@ -136,8 +340,7 @@ CVE-2022-36279
RESERVED
CVE-2022-3240
RESERVED
-CVE-2022-3239 [media: em28xx: initialize refcount before kref_get]
- RESERVED
+CVE-2022-3239 (A flaw use after free in the Linux kernel video4linux driver was found ...)
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
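Review bot: the only pointer to the actual fix, the upstream commit subject "media: em28xx: initialize refcount before kref_get" in the removed placeholder line, is lost once the published description replaces it; the remaining lines carry fixed versions (5.17.3-1, 5.10.113-1, 4.19.249-1) but no NOTE, so consider re-adding the subject as `NOTE: Fixed by: media: em28xx: initialize refcount before kref_get` so the fix stays traceable from the entry.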
@@ -2457,25 +2660,21 @@ CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. ..
NOTE: https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e (v9.0.0389)
CVE-2022-39959
RESERVED
-CVE-2022-39958 [Small range header leading to response rule set bypass]
- RESERVED
+CVE-2022-39958 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
- modsecurity-crs <unfixed>
[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
-CVE-2022-39957 [Charset accept header field resulting in response rule set bypass]
- RESERVED
+CVE-2022-39957 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
- modsecurity-crs <unfixed>
[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
-CVE-2022-39956 [Content-Type or Content-Transfer-Encoding MIME header fields abuse]
- RESERVED
+CVE-2022-39956 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...)
- modsecurity-crs <unfixed>
[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
NOTE: Depends on changes to be done in src:libmodsecurity3 / src:modsecurity-apache, cf.
NOTE: https://bugs.debian.org/1020303
-CVE-2022-39955 [Multiple charsets defined in Content-Type header]
- RESERVED
+CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...)
- modsecurity-crs <unfixed>
[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
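Review bot: the four removed placeholders carried the distinguishing detail (small Range header, charset in the Accept header, Content-Type/Content-Transfer-Encoding MIME field abuse, multiple charsets in Content-Type), while the truncated published descriptions are pairwise identical ("... affected by a response bo ..." for CVE-2022-39958 and CVE-2022-39957, "... affected by a partial rul ..." for CVE-2022-39956 and CVE-2022-39955), so the entries are no longer distinguishable when reading the list. Consider keeping each bypass vector as a NOTE line. Also, for CVE-2022-39956 the bullseye tag promises a point-release fix, yet the NOTE says the fix depends on changes in src:libmodsecurity3 / src:modsecurity-apache (bug #1020303); the <no-dsa> rationale should state that the point-release fix needs those packages as well.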
@@ -5374,8 +5573,7 @@ CVE-2022-2996 (A flaw was found in the python-scciclient when making an HTTPS co
- python-scciclient <unfixed> (bug #1018213)
[bullseye] - python-scciclient <no-dsa> (Minor issue)
NOTE: https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c (0.12)
-CVE-2022-2995
- RESERVED
+CVE-2022-2995 (Incorrect handling of the supplementary groups in the CRI-O container ...)
- cri-o <itp> (bug #979702)
CVE-2022-2994
RESERVED
@@ -5992,8 +6190,8 @@ CVE-2022-38552
RESERVED
CVE-2022-38551
RESERVED
-CVE-2022-38550
- RESERVED
+CVE-2022-38550 (A stored cross-site scripting (XSS) vulnerability in the /weibo/list c ...)
+ TODO: check
CVE-2022-38549
RESERVED
CVE-2022-38548
@@ -6002,8 +6200,8 @@ CVE-2022-38547
RESERVED
CVE-2022-38546
RESERVED
-CVE-2022-38545
- RESERVED
+CVE-2022-38545 (Valine v1.4.18 was discovered to contain a remote code execution (RCE) ...)
+ TODO: check
CVE-2022-38544
RESERVED
CVE-2022-38543
@@ -6031,8 +6229,8 @@ CVE-2022-38533 (In GNU Binutils before 2.40, there is a heap-buffer-overflow in
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29482
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797
NOTE: binutils not covered by security support
-CVE-2022-38532
- RESERVED
+CVE-2022-38532 (Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered t ...)
+ TODO: check
CVE-2022-38531 (FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Rem ...)
NOT-FOR-US: FPT router
CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...)
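Review bot: CVE-2022-38532 concerns a vendor desktop utility (MSI Center 1.0.50.0) and will almost certainly resolve the same way as the adjacent FPT and TOTOLINK entries, to NOT-FOR-US; leaving TODO: check until the full description has been read is fine, but it should be closed out in the next triage pass rather than sit in the backlog.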
@@ -6049,8 +6247,8 @@ CVE-2022-38528 (Open Asset Import Library (assimp) commit 3c253ca was discovered
- assimp <unfixed>
[bullseye] - assimp <no-dsa> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/4662
-CVE-2022-38527
- RESERVED
+CVE-2022-38527 (UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vul ...)
+ TODO: check
CVE-2022-38526
RESERVED
CVE-2022-38525
@@ -6085,8 +6283,8 @@ CVE-2022-38511 (TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a
NOT-FOR-US: TOTOLINK
CVE-2022-38510 (Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow ...)
NOT-FOR-US: Tenda
-CVE-2022-38509
- RESERVED
+CVE-2022-38509 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
+ TODO: check
CVE-2022-38508
RESERVED
CVE-2022-38507
@@ -6119,8 +6317,8 @@ CVE-2022-38078 (Movable Type XMLRPC API provided by Six Apart Ltd. contains a co
- movabletype-opensource <removed>
CVE-2022-2925 (Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appw ...)
NOT-FOR-US: appwrite
-CVE-2022-2924
- RESERVED
+CVE-2022-2924 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
+ TODO: check
CVE-2022-2923 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.024 ...)
- vim 2:9.0.0242-1
NOTE: https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2
@@ -6775,8 +6973,8 @@ CVE-2022-38353
RESERVED
CVE-2022-38352 (ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerabi ...)
NOT-FOR-US: ThinkPHP
-CVE-2022-38351
- RESERVED
+CVE-2022-38351 (A vulnerability in Suprema Bio Star 2 v2.8.16 allows attackers to esca ...)
+ TODO: check
CVE-2022-38350
RESERVED
CVE-2022-38349
@@ -6799,8 +6997,8 @@ CVE-2022-38341 (Safe Software FME Server v2022.0.1.1 and below does not employ s
TODO: check
CVE-2022-38340
RESERVED
-CVE-2022-38339
- RESERVED
+CVE-2022-38339 (Safe Software FME Server v2022.0.1.1 and below contains a cross-site s ...)
+ TODO: check
CVE-2022-38338
RESERVED
CVE-2022-38337
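Review bot: CVE-2022-38339 is the same product (Safe Software FME Server v2022.0.1.1 and below) as CVE-2022-38341 a few lines up, which already carries TODO: check; triage the two together so they end with the same marker instead of one being resolved and the other left open.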
@@ -10103,8 +10301,8 @@ CVE-2022-37034
RESERVED
CVE-2022-37033
RESERVED
-CVE-2022-37032
- RESERVED
+CVE-2022-37032 (An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 ma ...)
+ TODO: check
CVE-2022-37031
RESERVED
CVE-2022-37030 (Weak permissions on the configuration file in the PAM module in Grommu ...)
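Review bot: unlike most TODO: check entries in this update, CVE-2022-37032 names software Debian ships (FRRouting FRR, src:frr), so this placeholder should become a `- frr` line with the fixed version, checked against the "before 8.4" in the description, plus bullseye/buster annotations, rather than remain a TODO.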
@@ -12492,7 +12690,7 @@ CVE-2022-2449
RESERVED
CVE-2022-2448
RESERVED
-CVE-2022-2447 (A flaw was found in OpenStack. The application credential tokens can b ...)
+CVE-2022-2447 (A flaw was found in Keystone. There is a time lag (up to one hour in a ...)
- keystone <unfixed>
[bullseye] - keystone <no-dsa> (Minor issue)
[buster] - keystone <no-dsa> (Minor issue)
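Review bot: the description of CVE-2022-2447 was rewritten from the generic "application credential tokens can b ..." summary to one that quantifies a window of "up to one hour"; the `<no-dsa> (Minor issue)` annotations for bullseye and buster predate that wording and deserve a quick re-check against the full new text rather than being carried over unexamined.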
@@ -15167,28 +15365,28 @@ CVE-2022-35072
RESERVED
CVE-2022-35071
RESERVED
-CVE-2022-35070
- RESERVED
-CVE-2022-35069
- RESERVED
-CVE-2022-35068
- RESERVED
-CVE-2022-35067
- RESERVED
-CVE-2022-35066
- RESERVED
-CVE-2022-35065
- RESERVED
-CVE-2022-35064
- RESERVED
-CVE-2022-35063
- RESERVED
-CVE-2022-35062
- RESERVED
-CVE-2022-35061
- RESERVED
-CVE-2022-35060
- RESERVED
+CVE-2022-35070 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35069 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35068 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35067 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35066 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35065 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
+ TODO: check
+CVE-2022-35064 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35063 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35062 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35061 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-35060 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ TODO: check
CVE-2022-35059
RESERVED
CVE-2022-35058
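Review bot: the eleven OTFCC entries (CVE-2022-35060 through CVE-2022-35070) all reference the same commit 617837b and differ only in ten heap buffer overflows versus one segmentation violation (CVE-2022-35065), so they should be triaged in one pass with one outcome instead of as eleven separate TODO: check items; whoever resolves them should check whether OTFCC is packaged and then apply the same marker (package line or NOT-FOR-US) to all eleven.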
@@ -16070,8 +16268,8 @@ CVE-2022-34748 (A vulnerability has been identified in Simcenter Femap (All vers
NOT-FOR-US: Siemens
CVE-2022-34747 (A format string vulnerability in Zyxel NAS326 firmware versions prior ...)
NOT-FOR-US: Zyxel
-CVE-2022-34746
- RESERVED
+CVE-2022-34746 (An insufficient entropy vulnerability caused by the improper use of ra ...)
+ TODO: check
CVE-2022-34743 (The AT commands of the USB port have an out-of-bounds read vulnerabili ...)
NOT-FOR-US: Huawei
CVE-2022-34742 (The system module has a read/write vulnerability. Successful exploitat ...)
@@ -29791,8 +29989,8 @@ CVE-2022-29837
RESERVED
CVE-2022-29836
RESERVED
-CVE-2022-29835
- RESERVED
+CVE-2022-29835 (WD Discovery software executable files were signed with an unsafe SHA- ...)
+ TODO: check
CVE-2022-29834 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: ICONICS
CVE-2022-29833
@@ -34162,8 +34360,8 @@ CVE-2022-28323 (An issue was discovered in MediaWiki through 1.37.2. The SecureP
CVE-2022-28322
RESERVED
NOT-FOR-US: CentralAuth MediaWiki extension
-CVE-2022-28321
- RESERVED
+CVE-2022-28321 (The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows ...)
+ TODO: check
CVE-2022-28320
RESERVED
CVE-2022-28319
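Review bot: the description of CVE-2022-28321 scopes the issue to "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed", and 1.5.2-6.1 is a distribution package revision, not an upstream release, so this is most likely a distro-specific packaging issue; verify against src:pam before assigning it, and if confirmed record the reason in a NOTE (that the affected change is openSUSE-specific) rather than leaving a bare TODO: check.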
@@ -34626,13 +34824,11 @@ CVE-2022-28206 (An issue was discovered in MediaWiki through 1.37.1. ImportPlanV
NOT-FOR-US: MediaWiki FileImporter extension
CVE-2022-28205 (An issue was discovered in MediaWiki through 1.37.1. The CentralAuth e ...)
NOT-FOR-US: MediaWiki CentralAuth extension
-CVE-2022-28204 [mediawiki: Special:WhatLinksHere can result in a DoS when a page is used on a extremely large number of other pages]
- RESERVED
+CVE-2022-28204 (A denial-of-service issue was discovered in MediaWiki 1.37.x before 1. ...)
- mediawiki <not-affected> (Only affects 1.37 and later)
NOTE: https://phabricator.wikimedia.org/T297754
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
-CVE-2022-28203 [mediawiki: Requesting Special:NewFiles on a wiki with many file uploads with actor as a condition can result in a DoS]
- RESERVED
+CVE-2022-28203 (A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1 ...)
- mediawiki 1:1.35.6-1
[bullseye] - mediawiki <postponed> (Fix along in next security release)
[buster] - mediawiki <postponed> (Fix along in next security release)
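Review bot: the published text for CVE-2022-28204 ("MediaWiki 1.37.x before 1. ...") is consistent with the existing `<not-affected> (Only affects 1.37 and later)` line, so that can stand; the removed placeholders were however the only place naming the affected special pages (Special:WhatLinksHere for CVE-2022-28204, Special:NewFiles for CVE-2022-28203), which the truncated descriptions no longer show. Consider keeping them as NOTE lines, especially for CVE-2022-28203 where the fix is still postponed in bullseye and buster and that detail helps confirm the backport.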
@@ -34646,8 +34842,7 @@ CVE-2022-28202 (An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x b
[stretch] - mediawiki <postponed> (Fix along in next security release)
NOTE: https://phabricator.wikimedia.org/T297543
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
-CVE-2022-28201 [mediawiki: Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki]
- RESERVED
+CVE-2022-28201 (An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36 ...)
- mediawiki 1:1.35.6-1
[bullseye] - mediawiki <postponed> (Fix along in next security release)
[buster] - mediawiki <postponed> (Fix along in next security release)
@@ -48571,12 +48766,12 @@ CVE-2022-23770
RESERVED
CVE-2022-23769
RESERVED
-CVE-2022-23768
- RESERVED
-CVE-2022-23767
- RESERVED
-CVE-2022-23766
- RESERVED
+CVE-2022-23768 (This Vulnerability in NIS-HAP11AC is caused by an exposed external por ...)
+ TODO: check
+CVE-2022-23767 (This vulnerability of SecureGate is SQL-Injection using login without ...)
+ TODO: check
+CVE-2022-23766 (An improper input validation vulnerability leading to arbitrary file e ...)
+ TODO: check
CVE-2022-23765 (This vulnerability occured by sending a malicious POST request to a sp ...)
NOT-FOR-US: ipTIME NAS product
CVE-2022-23764 (The vulnerability causing from insufficient verification procedures fo ...)
@@ -52325,8 +52520,8 @@ CVE-2022-0144 (shelljs is vulnerable to Improper Privilege Management ...)
NOTE: https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/
NOTE: https://github.com/shelljs/shelljs/issues/1058
NOTE: https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c (v0.8.5)
-CVE-2022-0143
- RESERVED
+CVE-2022-0143 (When the LDAP connector is started with StartTLS configured, unauthent ...)
+ TODO: check
CVE-2022-0142 (The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0141 (The Visual Form Builder WordPress plugin before 3.0.8 does not enforce ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2e296ee9fd452d1346e90a852e0d6d7cba173d1
More information about the debian-security-tracker-commits mailing list