[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 29 09:10:27 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6e88d4d by security tracker role at 2022-09-29T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2022-41768
+	RESERVED
+CVE-2022-41767
+	RESERVED
+CVE-2022-41766
+	RESERVED
+CVE-2022-41765
+	RESERVED
+CVE-2022-41764
+	RESERVED
+CVE-2022-41763
+	RESERVED
+CVE-2022-41762
+	RESERVED
+CVE-2022-41761
+	RESERVED
+CVE-2022-41760
+	RESERVED
+CVE-2022-41759
+	RESERVED
+CVE-2022-41758
+	RESERVED
+CVE-2022-41757
+	RESERVED
+CVE-2022-41756
+	RESERVED
+CVE-2022-41755
+	RESERVED
+CVE-2022-41754
+	RESERVED
+CVE-2022-41753
+	RESERVED
+CVE-2022-41752
+	RESERVED
+CVE-2022-41751
+	RESERVED
+CVE-2022-41750
+	RESERVED
+CVE-2022-41749
+	RESERVED
+CVE-2022-41748
+	RESERVED
+CVE-2022-41747
+	RESERVED
+CVE-2022-41746
+	RESERVED
+CVE-2022-41745
+	RESERVED
+CVE-2022-41744
+	RESERVED
+CVE-2022-41700
+	RESERVED
+CVE-2022-41646
+	RESERVED
+CVE-2022-41628
+	RESERVED
+CVE-2022-41614
+	RESERVED
+CVE-2022-40974
+	RESERVED
+CVE-2022-40685
+	RESERVED
+CVE-2022-40207
+	RESERVED
+CVE-2022-38101
+	RESERVED
+CVE-2022-37410
+	RESERVED
+CVE-2022-37409
+	RESERVED
 CVE-2022-41743
 	RESERVED
 CVE-2022-41742
@@ -434,8 +504,8 @@ CVE-2022-3328
 	RESERVED
 CVE-2022-3327
 	RESERVED
-CVE-2022-3326
-	RESERVED
+CVE-2022-3326 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
+	TODO: check
 CVE-2022-3325
 	RESERVED
 CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
@@ -999,8 +1069,8 @@ CVE-2022-3294
 	RESERVED
 CVE-2022-3293
 	RESERVED
-CVE-2022-3292
-	RESERVED
+CVE-2022-3292 (Use of Cache Containing Sensitive Information in GitHub repository iku ...)
+	TODO: check
 CVE-2022-41336
 	RESERVED
 CVE-2022-41335
@@ -2477,14 +2547,14 @@ CVE-2022-40712 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS ex
 	NOT-FOR-US: NOKIA
 CVE-2022-40711
 	RESERVED
-CVE-2022-40710
-	RESERVED
-CVE-2022-40709
-	RESERVED
-CVE-2022-40708
-	RESERVED
-CVE-2022-40707
-	RESERVED
+CVE-2022-40710 (A link following vulnerability in Trend Micro Deep Security 20 and Clo ...)
+	TODO: check
+CVE-2022-40709 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...)
+	TODO: check
+CVE-2022-40708 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...)
+	TODO: check
+CVE-2022-40707 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...)
+	TODO: check
 CVE-2022-3219
 	RESERVED
 CVE-2022-3218 (Due to a reliance on client-side authentication, the WiFi Mouse (Mouse ...)
@@ -2581,8 +2651,8 @@ CVE-2022-33978
 	RESERVED
 CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and classifi ...)
 	NOT-FOR-US: Nintendo Game Boy Color
-CVE-2022-3215
-	RESERVED
+CVE-2022-3215 (NIOHTTP1 and projects using it for generating HTTP responses can be su ...)
+	TODO: check
 CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy manageme ...)
 	NOT-FOR-US: Delta
 CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...)
@@ -3494,7 +3564,7 @@ CVE-2022-40299 (In Singular before 4.3.1, a predictable /tmp pathname is used (e
 	NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1)
 CVE-2022-40298 (Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited p ...)
 	NOT-FOR-US: Crestron
-CVE-2022-40297 (UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be use ...)
+CVE-2022-40297 (** DISPUTED ** UBports Ubuntu Touch 16.04 allows the screen-unlock pas ...)
 	NOT-FOR-US: UBports Ubuntu Touch
 CVE-2022-40296
 	RESERVED
@@ -4087,8 +4157,8 @@ CVE-2022-40050 (ZFile v4.1.1 was discovered to contain an arbitrary file upload
 	TODO: check
 CVE-2022-40049
 	RESERVED
-CVE-2022-40048
-	RESERVED
+CVE-2022-40048 (Flatpress v1.2.1 was discovered to contain a remote code execution (RC ...)
+	TODO: check
 CVE-2022-40047
 	RESERVED
 CVE-2022-40046
@@ -5771,10 +5841,10 @@ CVE-2022-39266
 	RESERVED
 CVE-2022-39265
 	RESERVED
-CVE-2022-39264
-	RESERVED
-CVE-2022-39263
-	RESERVED
+CVE-2022-39264 (nheko is a desktop client for the Matrix communication application. Al ...)
+	TODO: check
+CVE-2022-39263 (`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for Ne ...)
+	TODO: check
 CVE-2022-39262
 	RESERVED
 CVE-2022-39261 (Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x ...)
@@ -5787,30 +5857,30 @@ CVE-2022-39259
 	RESERVED
 CVE-2022-39258 (mailcow is a mailserver suite. A vulnerability innversions prior to 20 ...)
 	NOT-FOR-US: mailcow
-CVE-2022-39257
-	RESERVED
+CVE-2022-39257 (Matrix iOS SDK allows developers to build iOS apps compatible with Mat ...)
+	TODO: check
 CVE-2022-39256 (Orckestra C1 CMS is a .NET based Web Content Management System. A vuln ...)
 	NOT-FOR-US: Orckestra C1 CMS
-CVE-2022-39255
-	RESERVED
+CVE-2022-39255 (Matrix iOS SDK allows developers to build iOS apps compatible with Mat ...)
+	TODO: check
 CVE-2022-39254
 	RESERVED
 CVE-2022-39253
 	RESERVED
 CVE-2022-39252
 	RESERVED
-CVE-2022-39251
-	RESERVED
+CVE-2022-39251 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript.  ...)
+	TODO: check
 CVE-2022-39250
 	RESERVED
-CVE-2022-39249
-	RESERVED
-CVE-2022-39248
-	RESERVED
+CVE-2022-39249 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript.  ...)
+	TODO: check
+CVE-2022-39248 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1. ...)
+	TODO: check
 CVE-2022-39247
 	RESERVED
-CVE-2022-39246
-	RESERVED
+CVE-2022-39246 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1. ...)
+	TODO: check
 CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repository. ...)
 	TODO: check
 CVE-2022-39244
@@ -5985,8 +6055,8 @@ CVE-2022-39175
 	RESERVED
 CVE-2022-39174
 	RESERVED
-CVE-2022-39173
-	RESERVED
+CVE-2022-39173 (In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow ...)
+	TODO: check
 CVE-2022-39172
 	RESERVED
 CVE-2022-39171
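Review bot: CVE-2022-39173 is left at "TODO: check" even though the new description already states the affected range ("wolfSSL before 5.5.1"). Unlike the vendor-appliance entries elsewhere in this update, this names a reusable TLS library, so it should be triaged ahead of the rest of the batch. If a wolfssl source package is tracked, replace the TODO with a package line that carries 5.5.1 as the fixed upstream version.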
@@ -12628,8 +12698,8 @@ CVE-2022-36783
 	RESERVED
 CVE-2022-36782 (Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerabi ...)
 	NOT-FOR-US: Pal Electronics Systems
-CVE-2022-36781
-	RESERVED
+CVE-2022-36781 (WiseConnect - ScreenConnect Session Code Bypass. An attacker would hav ...)
+	TODO: check
 CVE-2022-36780 (Avdor CIS - crystal quality Credentials Management Errors. The product ...)
 	NOT-FOR-US: Avdor CIS
 CVE-2022-36779 (PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (w ...)
@@ -14895,8 +14965,8 @@ CVE-2022-35890 (An issue was discovered in Inductive Automation Ignition before
 	NOT-FOR-US: Inductive Automation Ignition
 CVE-2022-35889
 	RESERVED
-CVE-2022-35888
-	RESERVED
+CVE-2022-35888 (Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow att ...)
+	TODO: check
 CVE-2022-35887
 	RESERVED
 CVE-2022-35886
@@ -19003,8 +19073,8 @@ CVE-2022-34426
 	RESERVED
 CVE-2022-34425
 	RESERVED
-CVE-2022-34424
-	RESERVED
+CVE-2022-34424 (Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a v ...)
+	TODO: check
 CVE-2022-34423
 	RESERVED
 CVE-2022-34422
@@ -19063,8 +19133,8 @@ CVE-2022-34396
 	RESERVED
 CVE-2022-34395
 	RESERVED
-CVE-2022-34394
-	RESERVED
+CVE-2022-34394 (Dell OS10, version 10.5.3.4, contains an Improper Certificate Validati ...)
+	TODO: check
 CVE-2022-34393
 	RESERVED
 CVE-2022-34392
@@ -22845,7 +22915,7 @@ CVE-2022-32888
 CVE-2022-32887
 	RESERVED
 CVE-2022-32886 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	{DSA-5241-1 DSA-5240-1}
+	{DSA-5241-1 DSA-5240-1 DLA-3124-1}
 	- webkit2gtk 2.38.0-1
 	- wpewebkit 2.38.0-1
 	NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
@@ -26348,15 +26418,13 @@ CVE-2022-31631
 	RESERVED
 CVE-2022-31630
 	RESERVED
-CVE-2022-31629 [Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning]
-	RESERVED
+CVE-2022-31629 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability en ...)
 	- php8.1 <unfixed>
 	- php7.4 <removed>
 	- php7.3 <removed>
 	NOTE: Fixed in 8.1.11
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81727
-CVE-2022-31628 [phar wrapper: DOS when using quine gzip file]
-	RESERVED
+CVE-2022-31628 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompresso ...)
 	- php8.1 <unfixed>
 	- php7.4 <removed>
 	- php7.3 <removed>
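Review bot: CVE-2022-31629 still reads "- php8.1 <unfixed>" directly above "NOTE: Fixed in 8.1.11", and the description added here gives the same fixed version ("before 7.4.31, 8.0.24 and 8.1.11"). The automatic update only swaps the RESERVED line and the bracketed working title for the published description, so the package lines need a manual follow-up. Once an upload based on 8.1.11 exists, record its version in place of "<unfixed>" for both CVE-2022-31629 and CVE-2022-31628.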
@@ -34022,8 +34090,8 @@ CVE-2022-29091 (Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.
 	NOT-FOR-US: Dell
 CVE-2022-29090 (Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data E ...)
 	NOT-FOR-US: Dell Wyse Management Suite
-CVE-2022-29089
-	RESERVED
+CVE-2022-29089 (Dell Networking OS10, versions prior to October 2021 with Smart Fabric ...)
+	TODO: check
 CVE-2022-29088
 	RESERVED
 CVE-2022-29087
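Review bot: CVE-2022-29089 ("Dell Networking OS10 ...") gets "TODO: check" while the two entries just above it in the context, CVE-2022-29091 and CVE-2022-29090, are already marked NOT-FOR-US for Dell products. The same product family appears in this update as CVE-2022-34424 ("Networking OS10") and CVE-2022-34394 ("Dell OS10"), so the three can be triaged together with a consistent "NOT-FOR-US: Dell" style marker rather than being checked one at a time.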
@@ -50674,8 +50742,8 @@ CVE-2022-23718 (PingID Windows Login prior to 2.8 uses known vulnerable componen
 	NOT-FOR-US: PingID Integration for Windows Login
 CVE-2022-23717 (PingID Windows Login prior to 2.8 is vulnerable to a denial of service ...)
 	NOT-FOR-US: PingID Integration for Windows Login
-CVE-2022-23716
-	RESERVED
+CVE-2022-23716 (A flaw was discovered in ECE before 3.1.1 that could lead to the discl ...)
+	TODO: check
 CVE-2022-23715 (A flaw was discovered in ECE before 3.4.0 that might lead to the discl ...)
 	NOT-FOR-US: Elastic Cloud Enterprise
 CVE-2022-23714 (A local privilege escalation (LPE) issue was discovered in the ransomw ...)
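Review bot: CVE-2022-23716 ("A flaw was discovered in ECE before 3.1.1 ...") is set to "TODO: check", but the next entry, CVE-2022-23715 ("A flaw was discovered in ECE before 3.4.0 ..."), is already classified as "NOT-FOR-US: Elastic Cloud Enterprise". Unless the full description points at a different component, this entry should receive the same marker so the two ECE issues are handled consistently.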
@@ -66129,10 +66197,10 @@ CVE-2021-43364
 	RESERVED
 CVE-2021-43363
 	RESERVED
-CVE-2021-43362
-	RESERVED
-CVE-2021-43361
-	RESERVED
+CVE-2021-43362 (Due to improper sanitization MedData HBYS software suffers from a remo ...)
+	TODO: check
+CVE-2021-43361 (Due to improper sanitization MedData HBYS software suffers from a remo ...)
+	TODO: check
 CVE-2021-43360 (Sunnet eHRD e-mail delivery task schedule’s serialization functi ...)
 	NOT-FOR-US: Sunnet eHRD
 CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allows a re ...)
@@ -181222,8 +181290,8 @@ CVE-2020-11017 (In FreeRDP less than or equal to 2.0.0, by providing manipulated
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
 CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...)
 	NOT-FOR-US: IntelMQ Manager
-CVE-2020-11015
-	RESERVED
+CVE-2020-11015 (A vulnerability has been disclosed in thinx-device-api IoT Device Mana ...)
+	TODO: check
 CVE-2020-11014 (Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token  ...)
 	NOT-FOR-US: Electron-Cash-SLP
 CVE-2020-11013 (Their is an information disclosure vulnerability in Helm from version  ...)
@@ -250688,8 +250756,7 @@ CVE-2019-5798 (Lack of correct bounds checking in Skia in Google Chrome prior to
 	- thunderbird 1:60.7.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-5798
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-5798
-CVE-2019-5797
-	RESERVED
+CVE-2019-5797 (Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allow ...)
 	{DSA-4421-1}
 	- chromium 73.0.3683.75-1
 CVE-2019-5796 (Data race in extensions guest view in Google Chrome prior to 73.0.3683 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6e88d4dcb3635c4379a67ba598f72f99d7c3dbf
