[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 28 21:10:31 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c33a8b31 by security tracker role at 2022-09-28T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,133 @@
+CVE-2022-41743
+ RESERVED
+CVE-2022-41742
+ RESERVED
+CVE-2022-41741
+ RESERVED
+CVE-2022-41740
+ RESERVED
+CVE-2022-41739
+ RESERVED
+CVE-2022-41738
+ RESERVED
+CVE-2022-41737
+ RESERVED
+CVE-2022-41736
+ RESERVED
+CVE-2022-41735
+ RESERVED
+CVE-2022-41734
+ RESERVED
+CVE-2022-41733
+ RESERVED
+CVE-2022-41732
+ RESERVED
+CVE-2022-41731
+ RESERVED
+CVE-2022-41730
+ RESERVED
+CVE-2022-41729
+ RESERVED
+CVE-2022-41728
+ RESERVED
+CVE-2022-41727
+ RESERVED
+CVE-2022-41726
+ RESERVED
+CVE-2022-41725
+ RESERVED
+CVE-2022-41724
+ RESERVED
+CVE-2022-41723
+ RESERVED
+CVE-2022-41722
+ RESERVED
+CVE-2022-41721
+ RESERVED
+CVE-2022-41720
+ RESERVED
+CVE-2022-41719
+ RESERVED
+CVE-2022-41718
+ RESERVED
+CVE-2022-41717
+ RESERVED
+CVE-2022-41716
+ RESERVED
+CVE-2022-41715
+ RESERVED
+CVE-2022-41714
+ RESERVED
+CVE-2022-41713
+ RESERVED
+CVE-2022-41712
+ RESERVED
+CVE-2022-41711
+ RESERVED
+CVE-2022-41710
+ RESERVED
+CVE-2022-41709
+ RESERVED
+CVE-2022-41708
+ RESERVED
+CVE-2022-41707
+ RESERVED
+CVE-2022-41706
+ RESERVED
+CVE-2022-41705
+ RESERVED
+CVE-2022-41704
+ RESERVED
+CVE-2022-41703
+ RESERVED
+CVE-2022-41690
+ RESERVED
+CVE-2022-41689
+ RESERVED
+CVE-2022-41682
+ RESERVED
+CVE-2022-41681
+ RESERVED
+CVE-2022-41680
+ RESERVED
+CVE-2022-41679
+ RESERVED
+CVE-2022-41678
+ RESERVED
+CVE-2022-41677
+ RESERVED
+CVE-2022-41658
+ RESERVED
+CVE-2022-41637
+ RESERVED
+CVE-2022-41626
+ RESERVED
+CVE-2022-41341
+ RESERVED
+CVE-2022-40689
+ RESERVED
+CVE-2022-40688
+ RESERVED
+CVE-2022-38787
+ RESERVED
+CVE-2022-38786
+ RESERVED
+CVE-2022-3354 (A vulnerability has been found in Open5GS up to 2.4.10 and classified ...)
+ TODO: check
+CVE-2022-3353
+ RESERVED
+CVE-2022-3352
+ RESERVED
+CVE-2022-3351
+ RESERVED
+CVE-2022-3350
+ RESERVED
+CVE-2022-3349 (A vulnerability was found in Sony PS4 and PS5. It has been classified ...)
+ TODO: check
+CVE-2022-3348 (Just like in the previous report, an attacker could steal the account ...)
+ TODO: check
+CVE-2021-46841
+ RESERVED
CVE-2022-41676
RESERVED
CVE-2022-41675
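Review bot: of the three non-RESERVED additions in this hunk, two can be triaged from the description alone: CVE-2022-3349 names Sony PS4 and PS5, which is not Debian software and should be closed as NOT-FOR-US following the convention used elsewhere in this file, while CVE-2022-3348's truncated text ("Just like in the previous report, an attacker could steal the account ...") names no product at all, so the full description has to be consulted before its TODO: check can be resolved. CVE-2022-3354 (Open5GS up to 2.4.10) is the one entry here that needs an actual archive check rather than a tag.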
@@ -318,6 +448,7 @@ CVE-2022-41557
RESERVED
CVE-2022-41556 [handle RDHUP when collecting chunked body]
RESERVED
+ {DSA-5243-1}
- lighttpd 1.4.67-1
NOTE: https://github.com/lighttpd/lighttpd1.4/pull/115
NOTE: https://github.com/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 (lighttpd-1.4.67)
@@ -333,62 +464,77 @@ CVE-2022-3319
RESERVED
CVE-2022-3318
RESERVED
+ {DSA-5244-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3317
RESERVED
+ {DSA-5244-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3316
RESERVED
+ {DSA-5244-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3315
RESERVED
+ {DSA-5244-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3314
RESERVED
+ {DSA-5244-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3313
RESERVED
+ {DSA-5244-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3312
RESERVED
+ {DSA-5244-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3311
RESERVED
+ {DSA-5244-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3310
RESERVED
+ {DSA-5244-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3309
RESERVED
+ {DSA-5244-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3308
RESERVED
+ {DSA-5244-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3307
RESERVED
+ {DSA-5244-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3306
RESERVED
+ {DSA-5244-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3305
RESERVED
+ {DSA-5244-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3304
RESERVED
+ {DSA-5244-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3303 (A race condition flaw was found in the Linux kernel sound subsystem du ...)
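Review bot: the same {DSA-5244-1} line is added to fifteen consecutive entries (CVE-2022-3304 through CVE-2022-3318) that already share the fixed version 106.0.5249.61-1 and the buster end-of-life marker; before merging, cross-check that the advisory text lists exactly these fifteen CVEs plus CVE-2022-3201 (which picks up the same DSA in a later hunk), since a mechanical copy across a block like this is where a missing or extra CVE id most easily slips in.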
@@ -883,8 +1029,8 @@ CVE-2022-3289
RESERVED
CVE-2022-3288
RESERVED
-CVE-2022-3287
- RESERVED
+CVE-2022-3287 (When creating an OPERATOR user account on the BMC, the redfish plugin ...)
+ TODO: check
CVE-2022-3286
RESERVED
CVE-2022-3285
@@ -1822,8 +1968,8 @@ CVE-2022-40944
RESERVED
CVE-2022-40943
RESERVED
-CVE-2022-40942
- RESERVED
+CVE-2022-40942 (Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow vi ...)
+ TODO: check
CVE-2022-40941
RESERVED
CVE-2022-40940
@@ -1848,8 +1994,8 @@ CVE-2022-40931
RESERVED
CVE-2022-40930
RESERVED
-CVE-2022-40929
- RESERVED
+CVE-2022-40929 (XXL-JOB 2.2.0 has a Command execution vulnerability in background task ...)
+ TODO: check
CVE-2022-40928 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...)
NOT-FOR-US: Online Leave Management System
CVE-2022-40927 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...)
@@ -1882,8 +2028,8 @@ CVE-2022-40914
RESERVED
CVE-2022-40913
RESERVED
-CVE-2022-40912
- RESERVED
+CVE-2022-40912 (ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnera ...)
+ TODO: check
CVE-2022-40911
RESERVED
CVE-2022-40910
@@ -2572,7 +2718,7 @@ CVE-2022-3202 (A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Jo
[buster] - linux 4.19.249-1
NOTE: https://git.kernel.org/linus/a53046291020ec41e09181396c1e829287b48d47 (5.18-rc1)
CVE-2022-3201 (Insufficient validation of untrusted input in DevTools in Google Chrom ...)
- {DSA-5230-1}
+ {DSA-5244-1 DSA-5230-1}
- chromium 106.0.5249.61-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3200 (Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195 ...)
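Review bot: CVE-2022-3201 gains DSA-5244-1 next to an existing DSA-5230-1 while the fixed version stays 106.0.5249.61-1; confirm that the new advisory really lists this CVE again rather than the reference being carried over from the adjacent chromium entries in the earlier hunk, because a CVE already covered by DSA-5230-1 normally would not need a second DSA reference unless the fix was re-shipped.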
@@ -2601,8 +2747,7 @@ CVE-2022-3195 (Out of bounds write in Storage in Google Chrome prior to 105.0.51
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3194
RESERVED
-CVE-2022-3193
- RESERVED
+CVE-2022-3193 (An HTML injection/reflected Cross-site scripting (XSS) vulnerability w ...)
NOT-FOR-US: ovirt-engine
CVE-2022-40630 (This vulnerability exists in Tacitine Firewall, all versions of EN6200 ...)
NOT-FOR-US: Tacitine Firewall
@@ -2940,8 +3085,8 @@ CVE-2022-40488
RESERVED
CVE-2022-40487
RESERVED
-CVE-2022-40486
- RESERVED
+CVE-2022-40486 (TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 5745 ...)
+ TODO: check
CVE-2022-40485 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
NOT-FOR-US: Wedding Planner
CVE-2022-40484 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
@@ -3871,10 +4016,10 @@ CVE-2022-40085
RESERVED
CVE-2022-40084
RESERVED
-CVE-2022-40083
- RESERVED
-CVE-2022-40082
- RESERVED
+CVE-2022-40083 (Labstack Echo v4.8.0 was discovered to contain an open redirect vulner ...)
+ TODO: check
+CVE-2022-40082 (Hertz v0.3.0 ws discovered to contain a path traversal vulnerability v ...)
+ TODO: check
CVE-2022-40081
RESERVED
CVE-2022-40080
@@ -5627,8 +5772,8 @@ CVE-2022-39263
RESERVED
CVE-2022-39262
RESERVED
-CVE-2022-39261
- RESERVED
+CVE-2022-39261 (Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x ...)
+ TODO: check
CVE-2022-39260
RESERVED
CVE-2022-39259
@@ -5677,8 +5822,8 @@ CVE-2022-39238 (Arvados is an open source platform for managing and analyzing bi
TODO: check
CVE-2022-39237
RESERVED
-CVE-2022-39236
- RESERVED
+CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
+ TODO: check
CVE-2022-39235
RESERVED
CVE-2022-39234
@@ -6505,8 +6650,8 @@ CVE-2022-38936 (An issue has been found in PBC through 2022-8-27. A SEGV issue d
TODO: check
CVE-2022-38935
RESERVED
-CVE-2022-38934
- RESERVED
+CVE-2022-38934 (readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabiliti ...)
+ TODO: check
CVE-2022-38933
RESERVED
CVE-2022-38932 (readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsi ...)
@@ -8981,8 +9126,8 @@ CVE-2022-2762
RESERVED
CVE-2022-2761
RESERVED
-CVE-2022-2760
- RESERVED
+CVE-2022-2760 (In affected versions of Octopus Deploy it is possible to reveal the Sp ...)
+ TODO: check
CVE-2022-38169
RESERVED
CVE-2022-38168
@@ -9862,6 +10007,7 @@ CVE-2022-37799 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack over
CVE-2022-37798 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
NOT-FOR-US: Tenda
CVE-2022-37797 (In lighttpd 1.4.65, mod_wstunnel does not initialize a handler functio ...)
+ {DSA-5243-1}
- lighttpd 1.4.66-1
[buster] - lighttpd <no-dsa> (Minor issue)
NOTE: https://redmine.lighttpd.net/issues/3165
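Review bot: {DSA-5243-1} is added to CVE-2022-37797 while the buster line still reads <no-dsa> (Minor issue); issuing a DSA for an issue previously rated minor is an unusual combination, so the buster triage should be revisited to make sure the no-dsa state is still intended now that an advisory exists. The same DSA is attached to CVE-2022-41556 in the earlier lighttpd hunk, which shows no buster line at all, so the two entries should be brought into agreement.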
@@ -12495,8 +12641,8 @@ CVE-2022-36773 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to
NOT-FOR-US: IBM
CVE-2022-36772
RESERVED
-CVE-2022-36771
- RESERVED
+CVE-2022-36771 (IBM QRadar User Behavior Analytics could allow an authenticated user t ...)
+ TODO: check
CVE-2022-36770
RESERVED
CVE-2022-36769
@@ -13168,8 +13314,8 @@ CVE-2022-36450 (Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-
NOT-FOR-US: Obsidian
CVE-2022-36449 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
NOT-FOR-US: ARM Mali GPU driver
-CVE-2022-36448
- RESERVED
+CVE-2022-36448 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
+ TODO: check
CVE-2022-36447 (An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. ...)
NOT-FOR-US: Chia Network CAT1 Standard
CVE-2022-36446 (software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a U ...)
@@ -15169,8 +15315,8 @@ CVE-2022-35724 (It is possible to provide data to be read that leads the reader
NOT-FOR-US: Apache Avro
CVE-2022-35723
RESERVED
-CVE-2022-35722
- RESERVED
+CVE-2022-35722 (IBM Jazz for Service Management is vulnerable to stored cross-site scr ...)
+ TODO: check
CVE-2022-35721 (IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-si ...)
NOT-FOR-US: IBM
CVE-2022-35720
@@ -16349,8 +16495,8 @@ CVE-2022-35284 (IBM Security Verify Information Queue 10.0.2 could disclose sens
NOT-FOR-US: IBM
CVE-2022-35283 (IBM Security Verify Information Queue 10.0.2 could allow an authentica ...)
NOT-FOR-US: IBM
-CVE-2022-35282
- RESERVED
+CVE-2022-35282 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ TODO: check
CVE-2022-35281
RESERVED
CVE-2022-35280 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not req ...)
@@ -22692,6 +22838,7 @@ CVE-2022-32888
CVE-2022-32887
RESERVED
CVE-2022-32886 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ {DSA-5241-1 DSA-5240-1}
- webkit2gtk 2.38.0-1
- wpewebkit 2.38.0-1
NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
@@ -24679,16 +24826,16 @@ CVE-2022-32172
RESERVED
CVE-2022-32171
RESERVED
-CVE-2022-32170
- RESERVED
-CVE-2022-32169
- RESERVED
-CVE-2022-32168
- RESERVED
+CVE-2022-32170 (The “Bytebase” application does not restrict low privilege ...)
+ TODO: check
+CVE-2022-32169 (The “Bytebase” application does not restrict low privilege ...)
+ TODO: check
+CVE-2022-32168 (Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking wh ...)
+ TODO: check
CVE-2022-32167 (Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cros ...)
TODO: check
-CVE-2022-32166
- RESERVED
+CVE-2022-32166 (In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer o ...)
+ TODO: check
CVE-2022-32165
RESERVED
CVE-2022-32164
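Review bot: two of the TODO: check entries here can be narrowed from the visible text: CVE-2022-32168 describes DLL hijacking in Notepad++, a Windows-only application, and belongs under NOT-FOR-US like the other non-packaged software in this file; CVE-2022-32166 refers only to "ovs versions v0.90.0 through v2.5.0", an abbreviation the truncated description does not expand, so the upstream project must be identified from the full CVE text before deciding whether a Debian package is affected.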
@@ -28496,8 +28643,8 @@ CVE-2022-1718 (The trudesk application allows large characters to insert in the
NOT-FOR-US: Trudesk
CVE-2022-30936
RESERVED
-CVE-2022-30935
- RESERVED
+CVE-2022-30935 (An authorization bypass in b2evolution allows remote, unauthenticated ...)
+ TODO: check
CVE-2022-30934
RESERVED
CVE-2022-30933
@@ -32343,7 +32490,7 @@ CVE-2019-25059 (Artifex Ghostscript through 9.26 mishandles .completefont. NOTE:
NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=430e219ea17a2650577d70021399c4ead05869e0
NOTE: Issue exists because of an incomplete fix for CVE-2019-3839
CVE-2022-29599 (In Apache Maven maven-shared-utils prior to version 3.3.3, the Command ...)
- {DLA-3086-1 DLA-3059-1}
+ {DSA-5242-1 DLA-3086-1 DLA-3059-1}
- maven-shared-utils 3.3.4-1 (bug #1012314)
NOTE: https://github.com/apache/maven-shared-utils/pull/40
NOTE: https://issues.apache.org/jira/browse/MSHARED-297
@@ -34605,18 +34752,18 @@ CVE-2022-28818 (ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are aff
NOT-FOR-US: Adobe
CVE-2022-28817
REJECTED
-CVE-2022-28816
- RESERVED
-CVE-2022-28815
- RESERVED
-CVE-2022-28814
- RESERVED
-CVE-2022-28813
- RESERVED
-CVE-2022-28812
- RESERVED
-CVE-2022-28811
- RESERVED
+CVE-2022-28816 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
+ TODO: check
+CVE-2022-28815 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
+ TODO: check
+CVE-2022-28814 (Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in V ...)
+ TODO: check
+CVE-2022-28813 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
+ TODO: check
+CVE-2022-28812 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
+ TODO: check
+CVE-2022-28811 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
+ TODO: check
CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-28809 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
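Review bot: CVE-2022-28811 through CVE-2022-28816 are six near-identical Carlo Gavazzi UWP3.0 / CPY Car Park Server entries left at TODO: check, and a further five from the same series (CVE-2022-22522 through CVE-2022-22526) appear in a later hunk; these are vendor industrial-control products of the same kind as the Miele, Delta and mySCADA entries already tagged NOT-FOR-US in this file, so triaging the whole series in one pass with a single tag would avoid eleven separate follow-ups.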
@@ -34999,8 +35146,8 @@ CVE-2022-1273 (The Import WP WordPress plugin before 2.4.6 does not validate the
NOT-FOR-US: WordPress plugin
CVE-2022-1272
RESERVED
-CVE-2022-1270
- RESERVED
+CVE-2022-1270 (In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. ...)
+ TODO: check
CVE-2022-1269 (The Fast Flow WordPress plugin before 1.2.12 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1268 (The Donate Extra WordPress plugin through 2.02 does not sanitise and e ...)
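Review bot: CVE-2022-1270 (heap buffer overflow in GraphicsMagick when parsing MIFF) sits between two WordPress-plugin entries tagged NOT-FOR-US but is a different case: it describes a memory-safety bug in an image library rather than a web plugin, so its TODO: check calls for a fixed-version lookup and a source package line of the form used elsewhere in this file, not a NOT-FOR-US tag.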
@@ -54903,16 +55050,16 @@ CVE-2021-31564
RESERVED
CVE-2021-23229
RESERVED
-CVE-2022-22526
- RESERVED
-CVE-2022-22525
- RESERVED
-CVE-2022-22524
- RESERVED
-CVE-2022-22523
- RESERVED
-CVE-2022-22522
- RESERVED
+CVE-2022-22526 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
+ TODO: check
+CVE-2022-22525 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
+ TODO: check
+CVE-2022-22524 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
+ TODO: check
+CVE-2022-22523 (An improper authentication vulnerability exists in the Carlo Gavazzi U ...)
+ TODO: check
+CVE-2022-22522 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
+ TODO: check
CVE-2022-22521 (In Miele Benchmark Programming Tool with versions Prior to 1.2.71, exe ...)
NOT-FOR-US: Miele
CVE-2022-22520 (A remote, unauthenticated attacker can enumerate valid users by sendin ...)
@@ -55181,8 +55328,8 @@ CVE-2022-22389 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 1
NOT-FOR-US: IBM
CVE-2022-22388
RESERVED
-CVE-2022-22387
- RESERVED
+CVE-2022-22387 (IBM Application Gateway is vulnerable to cross-site scripting. This vu ...)
+ TODO: check
CVE-2022-22386
RESERVED
CVE-2022-22385
@@ -62996,8 +63143,7 @@ CVE-2021-43982 (Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnera
NOT-FOR-US: Delta
CVE-2021-43981 (mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, ...)
NOT-FOR-US: mySCADA myPRO
-CVE-2021-43980
- RESERVED
+CVE-2021-43980 (The simplified implementation of blocking reads and writes introduced ...)
- tomcat9 9.0.62-1
- tomcat8 <removed>
NOTE: https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
@@ -73198,8 +73344,8 @@ CVE-2021-41436 (An HTTP request smuggling in web application in ASUS ROG Rapture
NOT-FOR-US: ASUS
CVE-2021-41435 (A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapt ...)
NOT-FOR-US: ASUS
-CVE-2021-41434
- RESERVED
+CVE-2021-41434 (A stored Cross-Site Scripting (XSS) vulnerability exists in version 1. ...)
+ TODO: check
CVE-2021-41433 (SQL Injection vulnerability exists in version 1.0 of the Resumes Manag ...)
TODO: check
CVE-2021-41432 (A stored cross-site scripting (XSS) vulnerability exists in FlatPress ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c33a8b318e4abdee853273b36f74c0e602c0b3fe