[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 20 21:10:30 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
01e28e4c by security tracker role at 2022-09-20T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-41139
+	RESERVED
+CVE-2022-41138 (In Zutty before 0.13, DECRQSS in text written to the terminal can achi ...)
+	TODO: check
+CVE-2022-41137
+	RESERVED
+CVE-2022-40704
+	RESERVED
+CVE-2022-40208
+	RESERVED
+CVE-2022-38066
+	RESERVED
+CVE-2022-3253
+	RESERVED
+CVE-2022-3252
+	RESERVED
+CVE-2022-3251
+	RESERVED
+CVE-2022-3250
+	RESERVED
+CVE-2022-3249
+	RESERVED
+CVE-2022-3248
+	RESERVED
+CVE-2022-3247
+	RESERVED
+CVE-2022-3246
+	RESERVED
+CVE-2022-3245 (HTML injection attack is closely related to Cross-site Scripting (XSS) ...)
+	TODO: check
+CVE-2022-3244
+	RESERVED
+CVE-2022-3243
+	RESERVED
+CVE-2022-3242 (Code Injection in GitHub repository microweber/microweber prior to 1.3 ...)
+	TODO: check
+CVE-2022-3241
+	RESERVED
+CVE-2017-20148 (In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on G ...)
+	TODO: check
+CVE-2017-20147 (In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gent ...)
+	TODO: check
+CVE-2016-20015 (In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gent ...)
+	TODO: check
 CVE-2022-41131
 	RESERVED
 CVE-2022-41130
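Review bot: The last two added entries in this hunk, CVE-2017-20147 and CVE-2016-20015, carry the same visible description ("In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gent ..."), so the truncated text in the list does not show how the two differ. When these TODO: check items are cleared, read both full descriptions before annotating rather than copying one entry's result to the other.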
@@ -346,8 +390,8 @@ CVE-2022-40956
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40956
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40956
-CVE-2022-40955
-	RESERVED
+CVE-2022-40955 (In versions of Apache InLong prior to 1.3.0, an attacker with sufficie ...)
+	TODO: check
 CVE-2022-40954
 	RESERVED
 CVE-2022-40701
@@ -1990,10 +2034,10 @@ CVE-2022-40264
 	RESERVED
 CVE-2022-40263
 	RESERVED
-CVE-2022-40262
-	RESERVED
-CVE-2022-40261
-	RESERVED
+CVE-2022-40262 (A potential attacker can execute an arbitrary code at the time of the  ...)
+	TODO: check
+CVE-2022-40261 (An attacker can exploit this vulnerability to elevate privileges from  ...)
+	TODO: check
 CVE-2022-40260
 	RESERVED
 CVE-2022-40259
@@ -2014,16 +2058,16 @@ CVE-2022-40252
 	RESERVED
 CVE-2022-40251
 	RESERVED
-CVE-2022-40250
-	RESERVED
+CVE-2022-40250 (An attacker can exploit this vulnerability to elevate privileges from  ...)
+	TODO: check
 CVE-2022-40249
 	RESERVED
 CVE-2022-40248
 	RESERVED
 CVE-2022-40247
 	RESERVED
-CVE-2022-40246
-	RESERVED
+CVE-2022-40246 (A potential attacker can write one byte by arbitrary address at the ti ...)
+	TODO: check
 CVE-2022-40245
 	RESERVED
 CVE-2022-40244
@@ -2651,8 +2695,8 @@ CVE-2022-39976
 	RESERVED
 CVE-2022-39975
 	RESERVED
-CVE-2022-39974
-	RESERVED
+CVE-2022-39974 (WASM3 v0.5.0 was discovered to contain a segmentation fault via the co ...)
+	TODO: check
 CVE-2022-39973
 	RESERVED
 CVE-2022-39972
@@ -4617,8 +4661,8 @@ CVE-2022-3081
 	RESERVED
 CVE-2022-3080
 	RESERVED
-CVE-2022-3079
-	RESERVED
+CVE-2022-3079 (Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow ...)
+	TODO: check
 CVE-2022-3078 (An issue was discovered in the Linux kernel through 5.16-rc6. There is ...)
 	- linux 5.17.3-1
 	[bullseye] - linux 5.10.113-1
@@ -5034,10 +5078,10 @@ CVE-2022-38958
 	RESERVED
 CVE-2022-38957
 	RESERVED
-CVE-2022-38956
-	RESERVED
-CVE-2022-38955
-	RESERVED
+CVE-2022-38956 (An exploitable firmware downgrade vulnerability was discovered on the  ...)
+	TODO: check
+CVE-2022-38955 (An exploitable firmware modification vulnerability was discovered on t ...)
+	TODO: check
 CVE-2022-38954
 	RESERVED
 CVE-2022-38953
@@ -5114,8 +5158,8 @@ CVE-2022-38918
 	RESERVED
 CVE-2022-38917
 	RESERVED
-CVE-2022-38916
-	RESERVED
+CVE-2022-38916 (A file upload vulnerability exists in the storage feature of pagekit 1 ...)
+	TODO: check
 CVE-2022-38915
 	RESERVED
 CVE-2022-38914
@@ -5543,18 +5587,18 @@ CVE-2022-3007
 	RESERVED
 CVE-2022-3006
 	RESERVED
-CVE-2022-3005
-	RESERVED
-CVE-2022-3004
-	RESERVED
+CVE-2022-3005 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
+	TODO: check
+CVE-2022-3004 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
+	TODO: check
 CVE-2022-3003
 	RESERVED
 CVE-2022-3002
 	RESERVED
 CVE-2022-3001 (This vulnerability exists in Milesight Video Management Systems (VMS), ...)
 	NOT-FOR-US: Milesight Video Management Systems (VMS)
-CVE-2022-3000
-	RESERVED
+CVE-2022-3000 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
+	TODO: check
 CVE-2022-38772 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-38771 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
@@ -7031,8 +7075,8 @@ CVE-2022-38342 (Safe Software FME Server v2022.0.1.1 and below was discovered to
 	NOT-FOR-US: Safe Software FME Server
 CVE-2022-38341 (Safe Software FME Server v2022.0.1.1 and below does not employ server- ...)
 	TODO: check
-CVE-2022-38340
-	RESERVED
+CVE-2022-38340 (Safe Software FME Server v2022.0.1.1 and below was discovered to conta ...)
+	TODO: check
 CVE-2022-38339 (Safe Software FME Server v2022.0.1.1 and below contains a cross-site s ...)
 	TODO: check
 CVE-2022-38338
@@ -8013,8 +8057,8 @@ CVE-2022-37974
 	RESERVED
 CVE-2022-37973
 	RESERVED
-CVE-2022-37972
-	RESERVED
+CVE-2022-37972 (Microsoft Endpoint Configuration Manager Spoofing Vulnerability. ...)
+	TODO: check
 CVE-2022-37971
 	RESERVED
 CVE-2022-37970
@@ -9838,8 +9882,8 @@ CVE-2022-37267
 	RESERVED
 CVE-2022-37266 (Prototype pollution vulnerability in function extend in babel.js in st ...)
 	TODO: check
-CVE-2022-37265
-	RESERVED
+CVE-2022-37265 (Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias ...)
+	TODO: check
 CVE-2022-37264 (Prototype pollution vulnerability in stealjs steal 2.2.4 via the optio ...)
 	TODO: check
 CVE-2022-37263
@@ -9850,8 +9894,8 @@ CVE-2022-37261
 	RESERVED
 CVE-2022-37260 (A Regular Expression Denial of Service (ReDoS) flaw was found in steal ...)
 	TODO: check
-CVE-2022-37259
-	RESERVED
+CVE-2022-37259 (A Regular Expression Denial of Service (ReDoS) flaw was found in steal ...)
+	TODO: check
 CVE-2022-37258 (Prototype pollution vulnerability in function convertLater in npm-conv ...)
 	TODO: check
 CVE-2022-37257 (Prototype pollution vulnerability in function convertLater in npm-conv ...)
@@ -9958,10 +10002,10 @@ CVE-2022-37207 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces
 	NOT-FOR-US: JFinal CMS
 CVE-2022-37206
 	RESERVED
-CVE-2022-37205
-	RESERVED
-CVE-2022-37204
-	RESERVED
+CVE-2022-37205 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...)
+	TODO: check
+CVE-2022-37204 (Final CMS 5.1.0 is vulnerable to SQL Injection. ...)
+	TODO: check
 CVE-2022-37203 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do n ...)
 	TODO: check
 CVE-2022-37202
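Review bot: CVE-2022-37204 is described as "Final CMS 5.1.0", while CVE-2022-37205 directly above it and the context entries CVE-2022-37207 and CVE-2022-37203 all read "JFinal CMS 5.1.0". The spelling arrives with this automatic update and should stay as imported, but when triaging, treat the entry as the same product and consider the NOT-FOR-US: JFinal CMS annotation that CVE-2022-37207 already has for both new TODO: check items.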
@@ -11085,7 +11129,8 @@ CVE-2022-36759 (Online Food Ordering System v1.0 was discovered to contain a SQL
 	NOT-FOR-US: Online Food Ordering System
 CVE-2022-36758
 	RESERVED
-CVE-2022-36757 (Xaomi Mi Browser v13.10.0-gn contains a vulnerability which allows att ...)
+CVE-2022-36757
+	REJECTED
 	NOT-FOR-US: Xaomi Mi Browser
 CVE-2022-36756 (DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/ ...)
 	NOT-FOR-US: D-Link
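Review bot: After this hunk CVE-2022-36757 reads REJECTED followed by the unchanged NOT-FOR-US: Xaomi Mi Browser line, so the entry keeps a triage annotation for a description the hunk has just removed. Consider dropping the NOT-FOR-US line in a follow-up commit so the entry carries only REJECTED.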
@@ -15134,8 +15179,8 @@ CVE-2022-35198 (Contract Management System v2.0 contains a weak default password
 	NOT-FOR-US: Contract Management System
 CVE-2022-35197
 	RESERVED
-CVE-2022-35196
-	RESERVED
+CVE-2022-35196 (TestLink v1.9.20 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
 CVE-2022-35195 (TestLink 1.9.20 Raijin was discovered to contain a broken access contr ...)
 	TODO: check
 CVE-2022-35194 (TestLink v1.9.20 was discovered to contain a stored cross-site scripti ...)
@@ -15732,8 +15777,7 @@ CVE-2022-34918 (An issue was discovered in the Linux kernel through 5.18.9. A ty
 	NOTE: https://www.randorisec.fr/crack-linux-firewall/
 CVE-2022-2307 (A lack of cascading deletes in GitLab CE/EE affecting all versions sta ...)
 	- gitlab <unfixed>
-CVE-2022-34917
-	RESERVED
+CVE-2022-34917 (A security vulnerability has been identified in Apache Kafka. It affec ...)
 	- kafka <itp> (bug #786460)
 CVE-2022-34916 (Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote  ...)
 	NOT-FOR-US: Apache Flume
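Review bot: CVE-2022-34917 is the one newly described entry that gets no TODO: check, because the existing "- kafka <itp> (bug #786460)" annotation is kept from when the entry was still RESERVED. Now that a description is attached, that annotation deserves a quick manual confirmation against the published text, since nothing in this automatic update flags the entry for another look.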
@@ -17653,8 +17697,8 @@ CVE-2022-2179 (The X-Frame-Options header in Rockwell Automation MicroLogix 1100
 	NOT-FOR-US: Rockwell
 CVE-2022-2178
 	RESERVED
-CVE-2022-2177
-	RESERVED
+CVE-2022-2177 (Kayrasoft product before version 2 has an unauthenticated SQL Injectio ...)
+	TODO: check
 CVE-2022-2176
 	RESERVED
 CVE-2022-2175 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
@@ -17952,8 +17996,8 @@ CVE-2022-2156 (Use after free in Core in Google Chrome prior to 103.0.5060.53 al
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-2155
 	RESERVED
-CVE-2022-2154
-	RESERVED
+CVE-2022-2154 (An attacker with physical access can exploit this vulnerability to exe ...)
+	TODO: check
 CVE-2022-2153 (A flaw was found in the Linux kernel’s KVM when attempting to se ...)
 	{DSA-5173-1 DLA-3065-1}
 	- linux 5.17.3-1
@@ -23114,8 +23158,8 @@ CVE-2022-32169
 	RESERVED
 CVE-2022-32168
 	RESERVED
-CVE-2022-32167
-	RESERVED
+CVE-2022-32167 (Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cros ...)
+	TODO: check
 CVE-2022-32166
 	RESERVED
 CVE-2022-32165
@@ -27800,8 +27844,8 @@ CVE-2022-30580 (Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go
 	- golang-1.8 <not-affected> (Only affects Go on Windows)
 	- golang-1.7 <not-affected> (Only affects Go on Windows)
 	NOTE: https://go.dev/issue/52574
-CVE-2022-30579
-	RESERVED
+CVE-2022-30579 (The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analy ...)
+	TODO: check
 CVE-2022-30578
 	RESERVED
 CVE-2022-30577
@@ -38792,8 +38836,8 @@ CVE-2022-26876
 	RESERVED
 CVE-2022-26875
 	RESERVED
-CVE-2022-26873
-	RESERVED
+CVE-2022-26873 (A potential attacker can execute an arbitrary code at the time of the  ...)
+	TODO: check
 CVE-2022-26872
 	RESERVED
 CVE-2022-26871 (An arbitrary file upload vulnerability in Trend Micro Apex Central cou ...)
@@ -92426,18 +92470,18 @@ CVE-2021-33083 (Improper authentication in firmware for some Intel(R) SSD, Intel
 	NOT-FOR-US: Intel
 CVE-2021-33082 (Sensitive information in resource not removed before reuse in firmware ...)
 	NOT-FOR-US: Intel
-CVE-2021-33081
-	RESERVED
+CVE-2021-33081 (Protection mechanism failure in firmware for some Intel(R) SSD DC Prod ...)
+	TODO: check
 CVE-2021-33080 (Exposure of sensitive system information due to uncleared debug inform ...)
 	NOT-FOR-US: Intel
-CVE-2021-33079
-	RESERVED
+CVE-2021-33079 (Protection mechanism failure in firmware for some Intel(R) SSD DC Prod ...)
+	TODO: check
 CVE-2021-33078 (Race condition within a thread in firmware for some Intel(R) Optane(TM ...)
 	NOT-FOR-US: Intel
 CVE-2021-33077 (Insufficient control flow management in firmware for some Intel(R) SSD ...)
 	NOT-FOR-US: Intel
-CVE-2021-33076
-	RESERVED
+CVE-2021-33076 (Improper authentication in firmware for some Intel(R) SSD DC Products  ...)
+	TODO: check
 CVE-2021-33075 (Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R)  ...)
 	NOT-FOR-US: Intel
 CVE-2021-33074 (Protection mechanism failure in firmware for some Intel(R) SSD, Intel( ...)
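Review bot: The three new TODO: check entries in this hunk (CVE-2021-33081, CVE-2021-33079, CVE-2021-33076) are described as Intel SSD firmware issues, and every neighbouring entry whose annotation is visible here (CVE-2021-33083, -33082, -33080, -33078, -33077, -33075) is already NOT-FOR-US: Intel. These look like candidates for the same annotation once the full descriptions are confirmed.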



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01e28e4ca912b3227cc5127faed968cfb3e2ea97
