[Git][security-tracker-team/security-tracker][master] automatic update

Sat Sep 24 09:10:26 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
50abc733 by security tracker role at 2022-09-24T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2022-3294
+	RESERVED
+CVE-2022-3293
+	RESERVED
+CVE-2022-3292
+	RESERVED
 CVE-2022-41336
 	RESERVED
 CVE-2022-41335
@@ -60,8 +66,8 @@ CVE-2022-3280
 	RESERVED
 CVE-2022-3279
 	RESERVED
-CVE-2022-3278
-	RESERVED
+CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.055 ...)
+	TODO: check
 CVE-2022-3277 [unrestricted creation of security groups]
 	RESERVED
 	- neutron <unfixed>
@@ -1600,15 +1606,15 @@ CVE-2022-40673 (KDiskMark before 3.1.0 lacks authorization checking for D-Bus me
 CVE-2022-40670
 	RESERVED
 CVE-2022-40669
-	RESERVED
+	REJECTED
 CVE-2022-40668
-	RESERVED
+	REJECTED
 CVE-2022-40667
-	RESERVED
+	REJECTED
 CVE-2022-40666
-	RESERVED
+	REJECTED
 CVE-2022-40665
-	RESERVED
+	REJECTED
 CVE-2022-40664
 	RESERVED
 CVE-2022-40663 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -2934,26 +2940,26 @@ CVE-2022-40124
 	RESERVED
 CVE-2022-40123
 	RESERVED
-CVE-2022-40122
-	RESERVED
-CVE-2022-40121
-	RESERVED
-CVE-2022-40120
-	RESERVED
-CVE-2022-40119
-	RESERVED
-CVE-2022-40118
-	RESERVED
-CVE-2022-40117
-	RESERVED
-CVE-2022-40116
-	RESERVED
-CVE-2022-40115
-	RESERVED
-CVE-2022-40114
-	RESERVED
-CVE-2022-40113
-	RESERVED
+CVE-2022-40122 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
+	TODO: check
+CVE-2022-40121 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
+	TODO: check
+CVE-2022-40120 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
+	TODO: check
+CVE-2022-40119 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
+	TODO: check
+CVE-2022-40118 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
+	TODO: check
+CVE-2022-40117 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
+	TODO: check
+CVE-2022-40116 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
+	TODO: check
+CVE-2022-40115 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
+	TODO: check
+CVE-2022-40114 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
+	TODO: check
+CVE-2022-40113 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
+	TODO: check
 CVE-2022-40112 (TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2022-40111 (In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the sha ...)
@@ -4805,12 +4811,12 @@ CVE-2022-39244
 	RESERVED
 CVE-2022-39243
 	RESERVED
-CVE-2022-39242
-	RESERVED
+CVE-2022-39242 (Frontier is an Ethereum compatibility layer for Substrate. Prior to co ...)
+	TODO: check
 CVE-2022-39241
 	RESERVED
-CVE-2022-39240
-	RESERVED
+CVE-2022-39240 (MyGraph is a permission management system. Versions prior to 1.0.4 are ...)
+	TODO: check
 CVE-2022-39239 (netlify-ipx is an on-Demand image optimization for Netlify using ipx.  ...)
 	TODO: check
 CVE-2022-39238 (Arvados is an open source platform for managing and analyzing biomedic ...)
@@ -13610,8 +13616,8 @@ CVE-2022-36027 (TensorFlow is an open source platform for machine learning. When
 	- tensorflow <itp> (bug #804612)
 CVE-2022-36026 (TensorFlow is an open source platform for machine learning. If `Quanti ...)
 	- tensorflow <itp> (bug #804612)
-CVE-2022-36025
-	RESERVED
+CVE-2022-36025 (Besu is a Java-based Ethereum client. In versions newer than 22.1.3 an ...)
+	TODO: check
 CVE-2022-36024 (py-cord is a an API wrapper for Discord written in Python. Bots creati ...)
 	NOT-FOR-US: py-cord
 CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned distributed led ...)
@@ -50198,14 +50204,14 @@ CVE-2022-23466
 	RESERVED
 CVE-2022-23465
 	RESERVED
-CVE-2022-23464
-	RESERVED
-CVE-2022-23463
-	RESERVED
+CVE-2022-23464 (Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnera ...)
+	TODO: check
+CVE-2022-23463 (Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerab ...)
+	TODO: check
 CVE-2022-23462
 	RESERVED
-CVE-2022-23461
-	RESERVED
+CVE-2022-23461 (Jodit Editor is a WYSIWYG editor written in pure TypeScript without th ...)
+	TODO: check
 CVE-2022-23460 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...)
 	TODO: check - numerous jsonxx repositories exist on github
 	NOTE: https://github.com/advisories/GHSA-h8mv-q3c4-8hw2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50abc733ec3f8470a47509bce04da89ea7eb8cef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50abc733ec3f8470a47509bce04da89ea7eb8cef
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220924/35498233/attachment-0001.htm>
