[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 26 21:10:48 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e39db614 by security tracker role at 2022-09-26T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2022-41557
+	RESERVED
+CVE-2022-41556
+	RESERVED
+CVE-2022-40690
+	RESERVED
+CVE-2022-3322
+	RESERVED
+CVE-2022-3321
+	RESERVED
+CVE-2022-3320
+	RESERVED
+CVE-2022-3319
+	RESERVED
+CVE-2022-3318
+	RESERVED
+CVE-2022-3317
+	RESERVED
+CVE-2022-3316
+	RESERVED
+CVE-2022-3315
+	RESERVED
+CVE-2022-3314
+	RESERVED
+CVE-2022-3313
+	RESERVED
+CVE-2022-3312
+	RESERVED
+CVE-2022-3311
+	RESERVED
+CVE-2022-3310
+	RESERVED
+CVE-2022-3309
+	RESERVED
+CVE-2022-3308
+	RESERVED
+CVE-2022-3307
+	RESERVED
+CVE-2022-3306
+	RESERVED
+CVE-2022-3305
+	RESERVED
+CVE-2022-3304
+	RESERVED
+CVE-2022-3303
+	RESERVED
+CVE-2022-3302
+	RESERVED
+CVE-2022-3301 (Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdif ...)
+	TODO: check
+CVE-2022-3300
+	RESERVED
 CVE-2022-41553
 	RESERVED
 CVE-2022-41552
@@ -420,8 +472,8 @@ CVE-2022-41344
 	RESERVED
 CVE-2022-40984
 	RESERVED
-CVE-2022-3299
-	RESERVED
+CVE-2022-3299 (A vulnerability was found in Open5GS up to 2.4.10. It has been declare ...)
+	TODO: check
 CVE-2022-3298
 	RESERVED
 CVE-2022-41343 (registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote f ...)
@@ -444,8 +496,8 @@ CVE-2022-3296 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to
 	- vim <unfixed>
 	NOTE: https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077
 	NOTE: https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be (v9.0.0577)
-CVE-2022-3295
-	RESERVED
+CVE-2022-3295 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+	TODO: check
 CVE-2022-3294
 	RESERVED
 CVE-2022-3293
@@ -474,8 +526,8 @@ CVE-2022-41327
 	RESERVED
 CVE-2022-3291
 	RESERVED
-CVE-2022-3290
-	RESERVED
+CVE-2022-3290 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
+	TODO: check
 CVE-2022-3289
 	RESERVED
 CVE-2022-3288
@@ -537,8 +589,8 @@ CVE-2022-3274 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rd
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3273
 	RESERVED
-CVE-2022-3272
-	RESERVED
+CVE-2022-3272 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
+	TODO: check
 CVE-2022-3271
 	RESERVED
 CVE-2022-3270
@@ -1312,7 +1364,7 @@ CVE-2022-40969
 	RESERVED
 CVE-2022-40962
 	RESERVED
-	{DSA-5237-1}
+	{DSA-5237-1 DLA-3121-1}
 	- firefox 105.0-1
 	- firefox-esr 102.3.0esr-1
 	- thunderbird 1:102.3.0-1
@@ -1325,7 +1377,7 @@ CVE-2022-40961
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40961
 CVE-2022-40960
 	RESERVED
-	{DSA-5237-1}
+	{DSA-5237-1 DLA-3121-1}
 	- firefox 105.0-1
 	- firefox-esr 102.3.0esr-1
 	- thunderbird 1:102.3.0-1
@@ -1334,7 +1386,7 @@ CVE-2022-40960
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40960
 CVE-2022-40959
 	RESERVED
-	{DSA-5237-1}
+	{DSA-5237-1 DLA-3121-1}
 	- firefox 105.0-1
 	- firefox-esr 102.3.0esr-1
 	- thunderbird 1:102.3.0-1
@@ -1343,7 +1395,7 @@ CVE-2022-40959
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40959
 CVE-2022-40958
 	RESERVED
-	{DSA-5237-1}
+	{DSA-5237-1 DLA-3121-1}
 	- firefox 105.0-1
 	- firefox-esr 102.3.0esr-1
 	- thunderbird 1:102.3.0-1
@@ -1352,7 +1404,7 @@ CVE-2022-40958
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40958
 CVE-2022-40957
 	RESERVED
-	{DSA-5237-1}
+	{DSA-5237-1 DLA-3121-1}
 	- firefox 105.0-1
 	- firefox-esr 102.3.0esr-1
 	- thunderbird 1:102.3.0-1
@@ -1361,7 +1413,7 @@ CVE-2022-40957
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40957
 CVE-2022-40956
 	RESERVED
-	{DSA-5237-1}
+	{DSA-5237-1 DLA-3121-1}
 	- firefox 105.0-1
 	- firefox-esr 102.3.0esr-1
 	- thunderbird 1:102.3.0-1
@@ -1447,16 +1499,16 @@ CVE-2022-40930
 	RESERVED
 CVE-2022-40929
 	RESERVED
-CVE-2022-40928
-	RESERVED
-CVE-2022-40927
-	RESERVED
-CVE-2022-40926
-	RESERVED
-CVE-2022-40925
-	RESERVED
-CVE-2022-40924
-	RESERVED
+CVE-2022-40928 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...)
+	TODO: check
+CVE-2022-40927 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...)
+	TODO: check
+CVE-2022-40926 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...)
+	TODO: check
+CVE-2022-40925 (Zoo Management System v1.0 has an arbitrary file upload vulnerability  ...)
+	TODO: check
+CVE-2022-40924 (Zoo Management System v1.0 has an arbitrary file upload vulnerability  ...)
+	TODO: check
 CVE-2022-40923
 	RESERVED
 CVE-2022-40922
@@ -1733,10 +1785,10 @@ CVE-2022-40787
 	RESERVED
 CVE-2022-40786
 	RESERVED
-CVE-2022-40785
-	RESERVED
-CVE-2022-40784
-	RESERVED
+CVE-2022-40785 (Unsanitized input when setting a locale file leads to shell injection  ...)
+	TODO: check
+CVE-2022-40784 (Unlimited strcpy on user input when setting a locale file leads to sta ...)
+	TODO: check
 CVE-2022-40783
 	RESERVED
 CVE-2022-40782
@@ -2155,8 +2207,7 @@ CVE-2022-3206
 	RESERVED
 CVE-2022-3205 (An XSS exists in automation controller UI where the project name is su ...)
 	NOT-FOR-US: Red Hat Ansible Automation Controller
-CVE-2022-3204
-	RESERVED
+CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation ...)
 	- unbound 1.16.3-1
 	[bullseye] - unbound <no-dsa> (Minor issue)
 	[buster] - unbound <no-dsa> (Minor issue)
@@ -2169,38 +2220,31 @@ CVE-2022-3202 (A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Jo
 	[bullseye] - linux 5.10.113-1
 	[buster] - linux 4.19.249-1
 	NOTE: https://git.kernel.org/linus/a53046291020ec41e09181396c1e829287b48d47 (5.18-rc1)
-CVE-2022-3201
-	RESERVED
+CVE-2022-3201 (Insufficient validation of untrusted input in DevTools in Google Chrom ...)
 	{DSA-5230-1}
 	- chromium 105.0.5195.125-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3200
-	RESERVED
+CVE-2022-3200 (Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195 ...)
 	{DSA-5230-1}
 	- chromium 105.0.5195.125-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3199
-	RESERVED
+CVE-2022-3199 (Use after free in Frames in Google Chrome prior to 105.0.5195.125 allo ...)
 	{DSA-5230-1}
 	- chromium 105.0.5195.125-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3198
-	RESERVED
+CVE-2022-3198 (Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed ...)
 	{DSA-5230-1}
 	- chromium 105.0.5195.125-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3197
-	RESERVED
+CVE-2022-3197 (Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed ...)
 	{DSA-5230-1}
 	- chromium 105.0.5195.125-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3196
-	RESERVED
+CVE-2022-3196 (Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed ...)
 	{DSA-5230-1}
 	- chromium 105.0.5195.125-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3195
-	RESERVED
+CVE-2022-3195 (Out of bounds write in Storage in Google Chrome prior to 105.0.5195.12 ...)
 	{DSA-5230-1}
 	- chromium 105.0.5195.125-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -2547,12 +2591,12 @@ CVE-2022-40487
 	RESERVED
 CVE-2022-40486
 	RESERVED
-CVE-2022-40485
-	RESERVED
-CVE-2022-40484
-	RESERVED
-CVE-2022-40483
-	RESERVED
+CVE-2022-40485 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
+	TODO: check
+CVE-2022-40484 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
+	TODO: check
+CVE-2022-40483 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
+	TODO: check
 CVE-2022-40482
 	RESERVED
 CVE-2022-40481
@@ -2714,12 +2758,12 @@ CVE-2022-40406
 	RESERVED
 CVE-2022-40405
 	RESERVED
-CVE-2022-40404
-	RESERVED
-CVE-2022-40403
-	RESERVED
-CVE-2022-40402
-	RESERVED
+CVE-2022-40404 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
+	TODO: check
+CVE-2022-40403 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
+	TODO: check
+CVE-2022-40402 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
+	TODO: check
 CVE-2022-40401
 	RESERVED
 CVE-2022-40400
@@ -3552,10 +3596,10 @@ CVE-2022-40046
 	RESERVED
 CVE-2022-40045
 	RESERVED
-CVE-2022-40044
-	RESERVED
-CVE-2022-40043
-	RESERVED
+CVE-2022-40044 (Centreon v20.10.18 was discovered to contain a cross-site scripting (X ...)
+	TODO: check
+CVE-2022-40043 (Centreon v20.10.18 was discovered to contain a SQL injection vulnerabi ...)
+	TODO: check
 CVE-2022-40042
 	RESERVED
 CVE-2022-40041
@@ -3728,8 +3772,8 @@ CVE-2022-39961
 	RESERVED
 CVE-2022-39960 (The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not ...)
 	NOT-FOR-US: Atlassian
-CVE-2022-3135
-	RESERVED
+CVE-2022-3135 (The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise a ...)
+	TODO: check
 CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. ...)
 	- vim <unfixed> (bug #1019590)
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -4094,8 +4138,8 @@ CVE-2022-36423 (OpenHarmony-v3.1.2 and prior versions have an incorrect configur
 	NOT-FOR-US: OpenHarmony
 CVE-2022-3120 (A vulnerability classified as critical was found in SourceCodester Cli ...)
 	NOT-FOR-US: SourceCodester Clinics Patient Management System
-CVE-2022-3119
-	RESERVED
+CVE-2022-3119 (The OAuth client Single Sign On WordPress plugin before 3.0.4 does not ...)
+	TODO: check
 CVE-2022-3118 (A vulnerability was found in Sourcecodehero ERP System Project. It has ...)
 	NOT-FOR-US: Sourcecodehero ERP System Project
 CVE-2022-39808
@@ -4146,8 +4190,8 @@ CVE-2022-3105
 	RESERVED
 CVE-2022-3104
 	RESERVED
-CVE-2022-3103
-	RESERVED
+CVE-2022-3103 (off-by-one in io_uring module. ...)
+	TODO: check
 CVE-2022-3102
 	RESERVED
 CVE-2022-3101
@@ -5261,12 +5305,12 @@ CVE-2022-39247
 	RESERVED
 CVE-2022-39246
 	RESERVED
-CVE-2022-39245
-	RESERVED
+CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repository. ...)
+	TODO: check
 CVE-2022-39244
 	RESERVED
-CVE-2022-39243
-	RESERVED
+CVE-2022-39243 (NuProcess is an external process execution implementation for Java. In ...)
+	TODO: check
 CVE-2022-39242 (Frontier is an Ethereum compatibility layer for Substrate. Prior to co ...)
 	TODO: check
 CVE-2022-39241
@@ -5313,8 +5357,8 @@ CVE-2022-39221 (McWebserver mod runs a simple HTTP server alongside the Minecraf
 	NOT-FOR-US: McWebserver
 CVE-2022-39220 (SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are su ...)
 	NOT-FOR-US: SFTPGo
-CVE-2022-39219
-	RESERVED
+CVE-2022-39219 (Bifrost is a middleware package which can synchronize MySQL/MariaDB bi ...)
+	TODO: check
 CVE-2022-39218 (The JS Compute Runtime for Fastly's Compute at Edge platform provides the ...)
 	NOT-FOR-US: Fastly
 CVE-2022-39217 (some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub ...)
@@ -5368,8 +5412,8 @@ CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360. ..
 	[bullseye] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e
 	NOTE: https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c (v9.0.0360)
-CVE-2022-3098
-	RESERVED
+CVE-2022-3098 (The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF  ...)
+	TODO: check
 CVE-2022-3097
 	RESERVED
 CVE-2022-3096
@@ -5682,15 +5726,14 @@ CVE-2022-3077 (A buffer overflow vulnerability was found in the Linux kernel Int
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2123309
 	NOTE: https://git.kernel.org/linus/690b2549b19563ec5ad53e5c82f6a944d910086e (5.19-rc1)
-CVE-2022-3076
-	RESERVED
-CVE-2022-3075
-	RESERVED
+CVE-2022-3076 (The CM Download Manager WordPress plugin before 2.8.6 allows high priv ...)
+	TODO: check
+CVE-2022-3075 (Insufficient data validation in Mojo in Google Chrome prior to 105.0.5 ...)
 	{DSA-5225-1}
 	- chromium 105.0.5195.102-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3074
-	RESERVED
+CVE-2022-3074 (The Slider Hero WordPress plugin before 8.4.4 does not escape the slid ...)
+	TODO: check
 CVE-2022-3073
 	RESERVED
 CVE-2022-3072 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
@@ -5704,10 +5747,9 @@ CVE-2022-39079
 	RESERVED
 CVE-2022-39078
 	RESERVED
-CVE-2022-3070
-	RESERVED
-CVE-2022-3071
-	RESERVED
+CVE-2022-3070 (The Generate PDF WordPress plugin before 3.6 does not sanitise and esc ...)
+	TODO: check
+CVE-2022-3071 (Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prio ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -5772,8 +5814,8 @@ CVE-2022-39050 (An attacker who is logged into OTRS as an admin user may manipul
 CVE-2022-39049 (An attacker who is logged into OTRS as an admin user may manipulate th ...)
 	NOT-FOR-US: OTRS
 	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
-CVE-2022-3069
-	RESERVED
+CVE-2022-3069 (The WordLift WordPress plugin before 3.37.2 does not sanitise and esca ...)
+	TODO: check
 CVE-2022-3068 (Improper Privilege Management in GitHub repository octoprint/octoprint ...)
 	- octoprint <itp> (bug #718591)
 CVE-2022-39048
@@ -5794,8 +5836,8 @@ CVE-2022-3064
 	RESERVED
 CVE-2022-3063
 	REJECTED
-CVE-2022-3062
-	RESERVED
+CVE-2022-3062 (The Simple File List WordPress plugin before 4.4.12 does not escape pa ...)
+	TODO: check
 CVE-2022-3061 (Found Linux Kernel flaw in the i740 driver. The Userspace program coul ...)
 	- linux 5.18.2-1
 	NOTE: https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5)
@@ -5861,108 +5903,87 @@ CVE-2022-3060
 	RESERVED
 CVE-2022-3059
 	RESERVED
-CVE-2022-3058
-	RESERVED
+CVE-2022-3058 (Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3057
-	RESERVED
+CVE-2022-3057 (Inappropriate implementation in iframe Sandbox in Google Chrome prior  ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3056
-	RESERVED
+CVE-2022-3056 (Insufficient policy enforcement in Content Security Policy in Google C ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3055
-	RESERVED
+CVE-2022-3055 (Use after free in Passwords in Google Chrome prior to 105.0.5195.52 al ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3054
-	RESERVED
+CVE-2022-3054 (Insufficient policy enforcement in DevTools in Google Chrome prior to  ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3053
-	RESERVED
+CVE-2022-3053 (Inappropriate implementation in Pointer Lock in Google Chrome on Mac p ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3052
-	RESERVED
+CVE-2022-3052 (Heap buffer overflow in Window Manager in Google Chrome on Chrome OS,  ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3051
-	RESERVED
+CVE-2022-3051 (Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacro ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3050
-	RESERVED
+CVE-2022-3050 (Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 1 ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3049
-	RESERVED
+CVE-2022-3049 (Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros pr ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3048
-	RESERVED
+CVE-2022-3048 (Inappropriate implementation in Chrome OS lockscreen in Google Chrome  ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3047
-	RESERVED
+CVE-2022-3047 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3046
-	RESERVED
+CVE-2022-3046 (Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52  ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3045
-	RESERVED
+CVE-2022-3045 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3044
-	RESERVED
+CVE-2022-3044 (Inappropriate implementation in Site Isolation in Google Chrome prior  ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3043
-	RESERVED
+CVE-2022-3043 (Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS p ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3042
-	RESERVED
+CVE-2022-3042 (Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105. ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3041
-	RESERVED
+CVE-2022-3041 (Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allow ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3040
-	RESERVED
+CVE-2022-3040 (Use after free in Layout in Google Chrome prior to 105.0.5195.52 allow ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3039
-	RESERVED
+CVE-2022-3039 (Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allow ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3038
-	RESERVED
+CVE-2022-3038 (Use after free in Network Service in Google Chrome prior to 105.0.5195 ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -6058,8 +6079,8 @@ CVE-2022-38978 (The secure OS module has configuration defects. Successful explo
 	NOT-FOR-US: Huawei
 CVE-2022-38977
 	RESERVED
-CVE-2022-38970
-	RESERVED
+CVE-2022-38970 (ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access C ...)
+	TODO: check
 CVE-2022-38969
 	RESERVED
 CVE-2022-38968
@@ -6486,10 +6507,10 @@ CVE-2022-3027 (The CMS8000 device does not properly control or sanitize the SSID
 	NOT-FOR-US: CMS8000 device
 CVE-2022-3026 (The WP Users Exporter plugin for WordPress is vulnerable to CSV Inject ...)
 	NOT-FOR-US: WP Users Exporter plugin for WordPress
-CVE-2022-3025
-	RESERVED
-CVE-2022-3024
-	RESERVED
+CVE-2022-3025 (The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not h ...)
+	TODO: check
+CVE-2022-3024 (The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not hav ...)
+	TODO: check
 CVE-2022-3023
 	RESERVED
 CVE-2022-3022
@@ -6651,8 +6672,7 @@ CVE-2022-38753
 	RESERVED
 CVE-2022-2999
 	RESERVED
-CVE-2022-2998
-	RESERVED
+CVE-2022-2998 (Use after free in Browser Creation in Google Chrome prior to 104.0.511 ...)
 	{DSA-5212-1}
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -6721,8 +6741,8 @@ CVE-2022-2989 (An incorrect handling of the supplementary groups in the Podman c
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121445
 CVE-2022-2988
 	RESERVED
-CVE-2022-2987
-	RESERVED
+CVE-2022-2987 (The Ldap WP Login / Active Directory Integration WordPress plugin befo ...)
+	TODO: check
 CVE-2022-2986
 	RESERVED
 	- moodle <removed>
@@ -7086,8 +7106,8 @@ CVE-2022-2928
 	RESERVED
 CVE-2022-2927 (Weak Password Requirements in GitHub repository notrinos/notrinoserp p ...)
 	NOT-FOR-US: NotrinosERP
-CVE-2022-2926
-	RESERVED
+CVE-2022-2926 (The Download Manager WordPress plugin before 3.2.55 does not validate  ...)
+	TODO: check
 CVE-2022-38647
 	RESERVED
 CVE-2022-38646
@@ -7279,8 +7299,8 @@ CVE-2022-38555 (Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_ge
 	NOT-FOR-US: Linksys
 CVE-2022-38554
 	RESERVED
-CVE-2022-38553
-	RESERVED
+CVE-2022-38553 (Academy Learning Management System before v5.9.1 was discovered to con ...)
+	TODO: check
 CVE-2022-38552
 	RESERVED
 CVE-2022-38551
@@ -7583,8 +7603,8 @@ CVE-2022-2905 (An out-of-bounds memory read flaw was found in the Linux kernel's
 	NOTE: https://www.openwall.com/lists/oss-security/2022/08/26/1
 CVE-2022-2904
 	RESERVED
-CVE-2022-2903
-	RESERVED
+CVE-2022-2903 (The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialis ...)
+	TODO: check
 CVE-2022-2902
 	RESERVED
 CVE-2022-2901 (Improper Authorization in GitHub repository chatwoot/chatwoot prior to ...)
@@ -7896,53 +7916,43 @@ CVE-2022-2862 (Use After Free in GitHub repository vim/vim prior to 9.0.0221. ..
 	- vim 2:9.0.0229-1
 	NOTE: https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765
 	NOTE: https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494 (v9.0.0221)
-CVE-2022-2861
-	RESERVED
+CVE-2022-2861 (Inappropriate implementation in Extensions API in Google Chrome prior  ...)
 	{DSA-5212-1}
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2860
-	RESERVED
+CVE-2022-2860 (Insufficient policy enforcement in Cookies in Google Chrome prior to 1 ...)
 	{DSA-5212-1}
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2859
-	RESERVED
+CVE-2022-2859 (Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112 ...)
 	{DSA-5212-1}
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2858
-	RESERVED
+CVE-2022-2858 (Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.10 ...)
 	{DSA-5212-1}
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2857
-	RESERVED
+CVE-2022-2857 (Use after free in Blink in Google Chrome prior to 104.0.5112.101 allow ...)
 	{DSA-5212-1}
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2856
-	RESERVED
+CVE-2022-2856 (Insufficient validation of untrusted input in Intents in Google Chrome ...)
 	{DSA-5212-1}
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2855
-	RESERVED
+CVE-2022-2855 (Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allow ...)
 	{DSA-5212-1}
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2854
-	RESERVED
+CVE-2022-2854 (Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 ...)
 	{DSA-5212-1}
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2853
-	RESERVED
+CVE-2022-2853 (Heap buffer overflow in Downloads in Google Chrome on Android prior to ...)
 	{DSA-5212-1}
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2852
-	RESERVED
+CVE-2022-2852 (Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allow ...)
 	{DSA-5212-1}
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -13704,10 +13714,10 @@ CVE-2022-36161 (Orange Station 1.0 was discovered to contain a SQL injection vul
 	NOT-FOR-US: Orange Station
 CVE-2022-36160
 	RESERVED
-CVE-2022-36159
-	RESERVED
-CVE-2022-36158
-	RESERVED
+CVE-2022-36159 (Contec FXA3200 version 1.13 and under were discovered to contain a har ...)
+	TODO: check
+CVE-2022-36158 (Contec FXA3200 version 1.13.00 and under suffers from Insecure Permiss ...)
+	TODO: check
 CVE-2022-36157 (XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Per ...)
 	NOT-FOR-US: XXL-JOB
 CVE-2022-36156
@@ -14514,10 +14524,10 @@ CVE-2022-2407 (The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2406 (The legacy Slack import feature in Mattermost version 6.7.0 and earlie ...)
 	- mattermost-server <itp> (bug #823556)
-CVE-2022-2405
-	RESERVED
-CVE-2022-2404
-	RESERVED
+CVE-2022-2405 (The WP Popup Builder WordPress plugin through 1.2.8 does not have auth ...)
+	TODO: check
+CVE-2022-2404 (The WP Popup Builder WordPress plugin through 1.2.8 does not sanitise  ...)
+	TODO: check
 CVE-2022-2403 (A credentials leak was found in the OpenShift Container Platform. The  ...)
 	NOT-FOR-US: OpenShift
 CVE-2022-35863
@@ -15646,7 +15656,7 @@ CVE-2022-2362 (The Download Manager WordPress plugin before 3.2.50 prioritizes g
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2361 (The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-35413 (WAPPLES through 6.0 has a hardcoded systemi account accessible via db/ ...)
+CVE-2022-35413 (WAPPLES through 6.0 has a hardcoded systemi account. A threat actor co ...)
 	NOT-FOR-US: Penta Security Systems Inc WAPPLES
 CVE-2022-35412 (Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinar ...)
 	NOT-FOR-US: Digital Guardian Agent
@@ -15700,8 +15710,8 @@ CVE-2022-35402
 	RESERVED
 CVE-2022-2353 (Prior to microweber/microweber v1.2.20, due to improper neutralization ...)
 	NOT-FOR-US: microweber
-CVE-2022-2352
-	RESERVED
+CVE-2022-2352 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not  ...)
+	TODO: check
 CVE-2022-2351 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2350
@@ -27832,8 +27842,8 @@ CVE-2022-1757 (The pagebar WordPress plugin before 2.70 does not have CSRF check
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1756 (The Newsletter WordPress plugin before 7.4.5 does not sanitize and esc ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-1755
-	RESERVED
+CVE-2022-1755 (The SVG Support WordPress plugin before 2.5 does not properly handle S ...)
+	TODO: check
 CVE-2022-30972 (A cross-site request forgery (CSRF) vulnerability in Jenkins Storable  ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2022-30971 (Jenkins Storable Configs Plugin 1.0 and earlier does not configure its ...)
@@ -29868,8 +29878,8 @@ CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable rando
 	NOTE: https://gitlab.com/samba-team/samba/-/commit/9849e7440e30853c61a80ce1f11b7b244ed766fe (samba-4.17.0rc1)
 CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visi ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-1613
-	RESERVED
+CVE-2022-1613 (The Restricted Site Access WordPress plugin before 7.3.2 prioritizes g ...)
+	TODO: check
 CVE-2022-1612 (The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not protect i ...)
@@ -30701,8 +30711,8 @@ CVE-2022-30005
 	RESERVED
 CVE-2022-30004
 	RESERVED
-CVE-2022-30003
-	RESERVED
+CVE-2022-30003 (Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Sit ...)
+	TODO: check
 CVE-2022-30002 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
 	NOT-FOR-US: Sourcecodester Insurance Management System
 CVE-2022-30001 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
@@ -34470,10 +34480,10 @@ CVE-2022-28724
 	RESERVED
 CVE-2022-28723
 	RESERVED
-CVE-2022-28722
-	RESERVED
-CVE-2022-28721
-	RESERVED
+CVE-2022-28722 (Certain HP Print Products are potentially vulnerable to Buffer Overflo ...)
+	TODO: check
+CVE-2022-28721 (Certain HP Print Products are potentially vulnerable to Remote Code Ex ...)
+	TODO: check
 CVE-2022-28720
 	RESERVED
 CVE-2022-28711 (A memory corruption vulnerability exists in the cgi.c unescape functio ...)
@@ -57514,8 +57524,7 @@ CVE-2022-22060
 	RESERVED
 CVE-2022-22059 (Memory corruption due to out of bound read while parsing a video file  ...)
 	NOT-FOR-US: Snapdragon
-CVE-2022-22058
-	RESERVED
+CVE-2022-22058 (Memory corruption due to use after free issue in kernel while processi ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-22057 (Use after free in graphics fence due to a race condition while closing ...)
 	NOT-FOR-US: Snapdragon
@@ -72806,8 +72815,8 @@ CVE-2021-41439
 	REJECTED
 CVE-2021-41438
 	REJECTED
-CVE-2021-41437
-	RESERVED
+CVE-2021-41437 (An HTTP response splitting attack in web application in ASUS RT-AX88U  ...)
+	TODO: check
 CVE-2021-41436 (An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX ...)
 	NOT-FOR-US: ASUS
 CVE-2021-41435 (A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapt ...)
@@ -107031,8 +107040,8 @@ CVE-2021-28054 (An issue was discovered in Centreon-Web in Centreon Platform 20.
 	- centreon-web <itp> (bug #913903)
 CVE-2021-28053 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0.  ...)
 	- centreon-web <itp> (bug #913903)
-CVE-2021-28052
-	RESERVED
+CVE-2021-28052 (A tenant administrator Hitachi Content Platform (HCP) may modify the c ...)
+	TODO: check
 CVE-2021-28051
 	RESERVED
 CVE-2021-28050
@@ -114934,8 +114943,8 @@ CVE-2021-24892 (Insecure Direct Object Reference in edit function of Advanced Fo
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.4.8 does not s ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24890
-	RESERVED
+CVE-2021-24890 (The Scripts Organizer WordPress plugin before 3.0 does not have capabi ...)
+	TODO: check
 CVE-2021-24889 (The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise and esca ...)
@@ -115408,7 +115417,7 @@ CVE-2021-24655 (The WP User Manager WordPress plugin before 2.6.3 does not ensur
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24653 (The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitis ...)
+CVE-2021-24653 (The Cookie Bar WordPress plugin before 1.8.9 doesn't properly sanitise ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...)
 	NOT-FOR-US: WordPress plugin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e39db614a808c0ba670f31757f35c434df8aa797

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e39db614a808c0ba670f31757f35c434df8aa797
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220926/3373a1ce/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list