[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 21 09:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
483dadfe by security tracker role at 2022-09-21T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2022-41220 (** DISPUTED ** md2roff 1.9 has a stack-based buffer overflow via a Mar ...)
+ TODO: check
+CVE-2022-41219
+ RESERVED
+CVE-2022-41218 (In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10 ...)
+ TODO: check
+CVE-2022-41217
+ RESERVED
+CVE-2022-41216
+ RESERVED
+CVE-2022-41215
+ RESERVED
+CVE-2022-41214
+ RESERVED
+CVE-2022-41213
+ RESERVED
+CVE-2022-41212
+ RESERVED
+CVE-2022-41211
+ RESERVED
+CVE-2022-41210
+ RESERVED
+CVE-2022-41209
+ RESERVED
+CVE-2022-41208
+ RESERVED
+CVE-2022-41207
+ RESERVED
+CVE-2022-41206
+ RESERVED
+CVE-2022-41205
+ RESERVED
+CVE-2022-41204
+ RESERVED
+CVE-2022-41203
+ RESERVED
+CVE-2022-41202
+ RESERVED
+CVE-2022-41201
+ RESERVED
+CVE-2022-41200
+ RESERVED
+CVE-2022-41199
+ RESERVED
+CVE-2022-41198
+ RESERVED
+CVE-2022-41197
+ RESERVED
+CVE-2022-41196
+ RESERVED
+CVE-2022-41195
+ RESERVED
+CVE-2022-41194
+ RESERVED
+CVE-2022-41193
+ RESERVED
+CVE-2022-41192
+ RESERVED
+CVE-2022-41191
+ RESERVED
+CVE-2022-41190
+ RESERVED
+CVE-2022-41189
+ RESERVED
+CVE-2022-41188
+ RESERVED
+CVE-2022-41187
+ RESERVED
+CVE-2022-41186
+ RESERVED
+CVE-2022-41185
+ RESERVED
+CVE-2022-41184
+ RESERVED
+CVE-2022-41183
+ RESERVED
+CVE-2022-41182
+ RESERVED
+CVE-2022-41181
+ RESERVED
+CVE-2022-41180
+ RESERVED
+CVE-2022-41179
+ RESERVED
+CVE-2022-41178
+ RESERVED
+CVE-2022-41177
+ RESERVED
+CVE-2022-41176
+ RESERVED
+CVE-2022-41175
+ RESERVED
+CVE-2022-41174
+ RESERVED
+CVE-2022-41173
+ RESERVED
+CVE-2022-41172
+ RESERVED
+CVE-2022-41171
+ RESERVED
+CVE-2022-41170
+ RESERVED
+CVE-2022-41169
+ RESERVED
+CVE-2022-41168
+ RESERVED
+CVE-2022-41167
+ RESERVED
+CVE-2022-41166
+ RESERVED
+CVE-2022-41165
+ RESERVED
+CVE-2022-41164
+ RESERVED
+CVE-2022-41163
+ RESERVED
+CVE-2022-41162
+ RESERVED
+CVE-2022-41161
+ RESERVED
+CVE-2022-41160
+ RESERVED
+CVE-2022-41159
+ RESERVED
+CVE-2022-41158
+ RESERVED
+CVE-2022-41157
+ RESERVED
+CVE-2022-41156
+ RESERVED
+CVE-2022-41153
+ RESERVED
+CVE-2022-41152
+ RESERVED
+CVE-2022-41151
+ RESERVED
+CVE-2022-41150
+ RESERVED
+CVE-2022-41149
+ RESERVED
+CVE-2022-41148
+ RESERVED
+CVE-2022-41147
+ RESERVED
+CVE-2022-41146
+ RESERVED
+CVE-2022-41145
+ RESERVED
+CVE-2022-41144
+ RESERVED
+CVE-2022-41143
+ RESERVED
+CVE-2022-41142
+ RESERVED
+CVE-2022-41141
+ RESERVED
+CVE-2022-41140
+ RESERVED
+CVE-2022-40983
+ RESERVED
+CVE-2022-40693
+ RESERVED
CVE-2022-41222 [mm/mremap: hold the rmap lock in write mode when moving page table entries]
- linux 5.14.6-1
[bullseye] - linux 5.10.140-1
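Review bot: CVE-2022-41218, the third entry added in this hunk, is described as an issue in drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10 but is left at "TODO: check"; it needs triage against the linux source package, in the same form as the "- linux 5.14.6-1" line on CVE-2022-41222 in the trailing context. Separately, the newly reserved ids jump from CVE-2022-41156 straight to CVE-2022-41153, so it is worth confirming that CVE-2022-41155 and CVE-2022-41154 are already present elsewhere in data/CVE/list rather than missed by the import.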
@@ -1832,8 +1994,8 @@ CVE-2022-40359
RESERVED
CVE-2022-40358
RESERVED
-CVE-2022-40357
- RESERVED
+CVE-2022-40357 (A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Sid ...)
+ TODO: check
CVE-2022-40356
RESERVED
CVE-2022-40355
@@ -2638,10 +2800,10 @@ CVE-2022-40011
RESERVED
CVE-2022-40010
RESERVED
-CVE-2022-40009
- RESERVED
-CVE-2022-40008
- RESERVED
+CVE-2022-40009 (SWFTools commit 772e55a was discovered to contain a heap-use-after-fre ...)
+ TODO: check
+CVE-2022-40008 (SWFTools commit 772e55a was discovered to contain a heap-buffer overfl ...)
+ TODO: check
CVE-2022-40007
RESERVED
CVE-2022-40006
@@ -4318,14 +4480,14 @@ CVE-2022-39223
RESERVED
CVE-2022-39222
RESERVED
-CVE-2022-39221
- RESERVED
-CVE-2022-39220
- RESERVED
+CVE-2022-39221 (McWebserver mod runs a simple HTTP server alongside the Minecraft serv ...)
+ TODO: check
+CVE-2022-39220 (SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are su ...)
+ TODO: check
CVE-2022-39219
RESERVED
-CVE-2022-39218
- RESERVED
+CVE-2022-39218 (The JS Compute Runtime for Fastly's Compute at Edge platform provides the ...)
+ TODO: check
CVE-2022-39217 (some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub ...)
TODO: check
CVE-2022-39216
@@ -5141,8 +5303,8 @@ CVE-2022-38933
RESERVED
CVE-2022-38932
RESERVED
-CVE-2022-38931
- RESERVED
+CVE-2022-38931 (A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function ...)
+ TODO: check
CVE-2022-38930
RESERVED
CVE-2022-38929
@@ -5729,10 +5891,10 @@ CVE-2022-2987
CVE-2022-2986
RESERVED
- moodle <removed>
-CVE-2021-46835
- RESERVED
-CVE-2020-36602
- RESERVED
+CVE-2021-46835 (There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Suc ...)
+ TODO: check
+CVE-2020-36602 (There is an out-of-bounds read and write vulnerability in some headset ...)
+ TODO: check
CVE-2022-38744
RESERVED
CVE-2022-38743
@@ -6142,8 +6304,8 @@ CVE-2022-38621 (Doufox v0.0.4 was discovered to contain a remote code execution
TODO: check
CVE-2022-38620
RESERVED
-CVE-2022-38619
- RESERVED
+CVE-2022-38619 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
+ TODO: check
CVE-2022-38618 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
NOT-FOR-US: SmartVista SVFE2
CVE-2022-38617 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
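Review bot: CVE-2022-38619 is added with "TODO: check" although the two entries directly below it, CVE-2022-38618 and CVE-2022-38617, show the same truncated description (SmartVista SVFE2 v2.2.22, SQL injection) and are already tagged "NOT-FOR-US: SmartVista SVFE2". Once the full description is confirmed, the new entry can take the same tag so the three stay consistent.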
@@ -6731,8 +6893,8 @@ CVE-2022-2893
RESERVED
CVE-2022-2892 (Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmain ...)
NOT-FOR-US: Measuresoft ScadaPro
-CVE-2021-46834
- RESERVED
+CVE-2021-46834 (A permission bypass vulnerability in Huawei cross device task manageme ...)
+ TODO: check
CVE-2020-36599 (lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before ...)
[experimental] - ruby-omniauth 2.0.4-1~exp1
- ruby-omniauth <unfixed>
@@ -8246,22 +8408,22 @@ CVE-2022-37886
RESERVED
CVE-2022-37885
RESERVED
-CVE-2022-37884
- RESERVED
-CVE-2022-37883
- RESERVED
-CVE-2022-37882
- RESERVED
-CVE-2022-37881
- RESERVED
-CVE-2022-37880
- RESERVED
-CVE-2022-37879
- RESERVED
-CVE-2022-37878
- RESERVED
-CVE-2022-37877
- RESERVED
+CVE-2022-37884 (A vulnerability exists in the ClearPass Policy Manager Guest User Inte ...)
+ TODO: check
+CVE-2022-37883 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
+ TODO: check
+CVE-2022-37882 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
+ TODO: check
+CVE-2022-37881 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
+ TODO: check
+CVE-2022-37880 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
+ TODO: check
+CVE-2022-37879 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
+ TODO: check
+CVE-2022-37878 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
+ TODO: check
+CVE-2022-37877 (A vulnerability in the ClearPass OnGuard macOS agent could allow malic ...)
+ TODO: check
CVE-2022-2725 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2724 (A vulnerability was found in SourceCodester Employee Management System ...)
@@ -9495,8 +9657,8 @@ CVE-2022-2640
RESERVED
CVE-2022-37396 (In JetBrains Rider before 2022.2 Trust and Open Project dialog could b ...)
NOT-FOR-US: JetBrains
-CVE-2022-37395
- RESERVED
+CVE-2022-37395 (A Huawei device has an input verification vulnerability. Successful ex ...)
+ TODO: check
CVE-2022-37394 (An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 2 ...)
- nova <unfixed> (bug #1016980)
[bullseye] - nova <no-dsa> (Minor issue)
@@ -13186,8 +13348,8 @@ CVE-2022-35959 (TensorFlow is an open source platform for machine learning. The
- tensorflow <itp> (bug #804612)
CVE-2022-35958
REJECTED
-CVE-2022-35957
- RESERVED
+CVE-2022-35957 (Grafana is an open-source platform for monitoring and observability. V ...)
+ TODO: check
CVE-2022-35956 (This Rails gem adds two methods to the ActiveRecord::Base class that a ...)
TODO: check
CVE-2022-35955
@@ -14913,7 +15075,7 @@ CVE-2022-35297
RESERVED
CVE-2022-35296
RESERVED
-CVE-2022-35295 (Under certain conditions, the application SAP BusinessObjects Business ...)
+CVE-2022-35295 (In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files ...)
NOT-FOR-US: SAP
CVE-2022-35294 (An attacker with basic business user privileges could craft and upload ...)
NOT-FOR-US: SAP
@@ -15421,18 +15583,18 @@ CVE-2022-35092
RESERVED
CVE-2022-35091
RESERVED
-CVE-2022-35090
- RESERVED
-CVE-2022-35089
- RESERVED
-CVE-2022-35088
- RESERVED
-CVE-2022-35087
- RESERVED
-CVE-2022-35086
- RESERVED
-CVE-2022-35085
- RESERVED
+CVE-2022-35090 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+ TODO: check
+CVE-2022-35089 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overf ...)
+ TODO: check
+CVE-2022-35088 (SWFTools commit 772e55a2 was discovered to contain a heap buffer-overf ...)
+ TODO: check
+CVE-2022-35087 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+ TODO: check
+CVE-2022-35086 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+ TODO: check
+CVE-2022-35085 (SWFTools commit 772e55a2 was discovered to contain a memory leak via / ...)
+ TODO: check
CVE-2022-35084
RESERVED
CVE-2022-35083
@@ -19277,8 +19439,8 @@ CVE-2022-2087 (A vulnerability, which was classified as problematic, was found i
NOT-FOR-US: SourceCodester Bank Management System
CVE-2022-2086 (A vulnerability, which was classified as critical, has been found in S ...)
NOT-FOR-US: SourceCodester Bank Management System
-CVE-2022-33735
- RESERVED
+CVE-2022-33735 (There is a password verification vulnerability in WS7200-10 11.0.2.13. ...)
+ TODO: check
CVE-2022-33734 (Sensitive information exposure in onCharacteristicChanged in Charm by ...)
NOT-FOR-US: Samsung
CVE-2022-33733 (Sensitive information exposure in onCharacteristicRead in Charm by Sam ...)
@@ -21100,8 +21262,8 @@ CVE-2022-32919
RESERVED
CVE-2022-32918
RESERVED
-CVE-2022-32917
- RESERVED
+CVE-2022-32917 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ TODO: check
CVE-2022-32916
RESERVED
CVE-2022-32915
@@ -21110,19 +21272,18 @@ CVE-2022-32914
RESERVED
CVE-2022-32913
RESERVED
-CVE-2022-32912
- RESERVED
+CVE-2022-32912 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- webkit2gtk <not-affected> (only affects macOS)
- wpewebkit <not-affected> (only affects macOS)
NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
-CVE-2022-32911
- RESERVED
+CVE-2022-32911 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
CVE-2022-32910
RESERVED
CVE-2022-32909
RESERVED
-CVE-2022-32908
- RESERVED
+CVE-2022-32908 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
CVE-2022-32907
RESERVED
CVE-2022-32906
@@ -21172,8 +21333,7 @@ CVE-2022-32888
RESERVED
CVE-2022-32887
RESERVED
-CVE-2022-32886
- RESERVED
+CVE-2022-32886 (A buffer overflow issue was addressed with improved memory handling. T ...)
- webkit2gtk 2.38.0-1
- wpewebkit 2.38.0-1
NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
@@ -21181,14 +21341,14 @@ CVE-2022-32885
RESERVED
CVE-2022-32884
RESERVED
-CVE-2022-32883
- RESERVED
-CVE-2022-32882
- RESERVED
+CVE-2022-32883 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2022-32882 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
CVE-2022-32881
RESERVED
-CVE-2022-32880
- RESERVED
+CVE-2022-32880 (This issue was addressed by enabling hardened runtime. This issue is f ...)
+ TODO: check
CVE-2022-32879
RESERVED
CVE-2022-32878
@@ -21203,30 +21363,30 @@ CVE-2022-32874
RESERVED
CVE-2022-32873
RESERVED
-CVE-2022-32872
- RESERVED
+CVE-2022-32872 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
CVE-2022-32871
RESERVED
CVE-2022-32870
RESERVED
CVE-2022-32869
RESERVED
-CVE-2022-32868
- RESERVED
+CVE-2022-32868 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
CVE-2022-32867
RESERVED
CVE-2022-32866
RESERVED
CVE-2022-32865
RESERVED
-CVE-2022-32864
- RESERVED
-CVE-2022-32863
- RESERVED
+CVE-2022-32864 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2022-32863 (A memory corruption issue was addressed with improved state management ...)
+ TODO: check
CVE-2022-32862
RESERVED
-CVE-2022-32861
- RESERVED
+CVE-2022-32861 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
CVE-2022-32860
RESERVED
CVE-2022-32859
@@ -21239,8 +21399,8 @@ CVE-2022-32856
RESERVED
CVE-2022-32855
RESERVED
-CVE-2022-32854
- RESERVED
+CVE-2022-32854 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
CVE-2022-32853
RESERVED
CVE-2022-32852
@@ -21347,8 +21507,8 @@ CVE-2022-32804
RESERVED
CVE-2022-32803
RESERVED
-CVE-2022-32802
- RESERVED
+CVE-2022-32802 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
CVE-2022-32801
RESERVED
CVE-2022-32800
@@ -21361,8 +21521,8 @@ CVE-2022-32797
RESERVED
CVE-2022-32796
RESERVED
-CVE-2022-32795
- RESERVED
+CVE-2022-32795 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
CVE-2022-32794
RESERVED
CVE-2022-32793 (Multiple out-of-bounds write issues were addressed with improved bound ...)
@@ -21380,8 +21540,8 @@ CVE-2022-32790
RESERVED
CVE-2022-32789
RESERVED
-CVE-2022-32788
- RESERVED
+CVE-2022-32788 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ TODO: check
CVE-2022-32787
RESERVED
CVE-2022-32786
@@ -33640,14 +33800,14 @@ CVE-2022-28642
RESERVED
CVE-2022-28641
RESERVED
-CVE-2022-28640
- RESERVED
-CVE-2022-28639
- RESERVED
-CVE-2022-28638
- RESERVED
-CVE-2022-28637
- RESERVED
+CVE-2022-28640 (A potential local adjacent arbitrary code execution vulnerability that ...)
+ TODO: check
+CVE-2022-28639 (A remote potential adjacent denial of service (DoS) and potential adja ...)
+ TODO: check
+CVE-2022-28638 (An isolated local disclosure of information and potential isolated loc ...)
+ TODO: check
+CVE-2022-28637 (A local Denial of Service (DoS) and local arbitrary code execution vul ...)
+ TODO: check
CVE-2022-28636 (A potential local arbitrary code execution and a local denial of servi ...)
NOT-FOR-US: HPE
CVE-2022-28635 (A potential local arbitrary code execution and a local denial of servi ...)
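Review bot: CVE-2022-28640 through CVE-2022-28637 are published with "TODO: check" while the adjacent CVE-2022-28636 and CVE-2022-28635 in the trailing context, with similarly worded descriptions, are tagged "NOT-FOR-US: HPE". The truncated text does not name the product, so check the full descriptions and, if they name the same vendor, reuse the existing tag rather than leaving four open TODO items in the middle of an already triaged block.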
@@ -39356,8 +39516,8 @@ CVE-2022-26698 (An out-of-bounds read issue was addressed with improved bounds c
NOT-FOR-US: Apple
CVE-2022-26697 (An out-of-bounds read issue was addressed with improved input validati ...)
NOT-FOR-US: Apple
-CVE-2022-26696
- RESERVED
+CVE-2022-26696 (This issue was addressed with improved environment sanitization. This ...)
+ TODO: check
CVE-2022-26695
RESERVED
CVE-2022-26694 (This issue was addressed with improved checks. This issue is fixed in ...)
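Review bot: CVE-2022-26696 is left at "TODO: check" even though its description uses the same "This issue was addressed with improved ..." wording as CVE-2022-26698 and CVE-2022-26697 in the leading context, both tagged "NOT-FOR-US: Apple". The visible text is truncated before any product name, so confirm the affected product from the full description and then tag it to match its neighbours.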
@@ -49012,16 +49172,16 @@ CVE-2022-23698 (A remote unauthenticated disclosure of information vulnerability
NOT-FOR-US: HPE
CVE-2022-23697 (A remote cross-site scripting (xss) vulnerability was discovered in HP ...)
NOT-FOR-US: HPE
-CVE-2022-23696
- RESERVED
-CVE-2022-23695
- RESERVED
-CVE-2022-23694
- RESERVED
-CVE-2022-23693
- RESERVED
-CVE-2022-23692
- RESERVED
+CVE-2022-23696 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
+ TODO: check
+CVE-2022-23695 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
+ TODO: check
+CVE-2022-23694 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
+ TODO: check
+CVE-2022-23693 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
+ TODO: check
+CVE-2022-23692 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
+ TODO: check
CVE-2022-23691 (A vulnerability exists in certain AOS-CX switch models which could all ...)
NOT-FOR-US: Aruba
CVE-2022-23690 (A vulnerability in the web-based management interface of AOS-CX could ...)
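Review bot: CVE-2022-23696 through CVE-2022-23692 all describe the web-based management interface of ClearPass Policy Manager and are left at "TODO: check", while the surrounding context entries are tagged "NOT-FOR-US: HPE" and "NOT-FOR-US: Aruba". ClearPass Policy Manager is an Aruba product, so these five can be closed as "NOT-FOR-US: Aruba" in one follow-up, together with CVE-2022-23685 in the next hunk and the ClearPass entries CVE-2022-37884 through CVE-2022-37877 added earlier in this patch.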
@@ -49034,8 +49194,8 @@ CVE-2022-23687 (Multiple vulnerabilities exist in the processing of packet data
NOT-FOR-US: Aruba
CVE-2022-23686 (Multiple vulnerabilities exist in the processing of packet data by the ...)
NOT-FOR-US: Aruba
-CVE-2022-23685
- RESERVED
+CVE-2022-23685 (A vulnerability in the ClearPass Policy Manager web-based management i ...)
+ TODO: check
CVE-2022-23684 (A vulnerability in the web-based management interface of AOS-CX could ...)
NOT-FOR-US: Aruba
CVE-2022-23683 (Authenticated command injection vulnerabilities exist in the AOS-CX Ne ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/483dadfecad4c44167bd9f20a9d5d12ba45d5535