[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 29 09:10:27 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f6e88d4d by security tracker role at 2022-09-29T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2022-41768
+ RESERVED
+CVE-2022-41767
+ RESERVED
+CVE-2022-41766
+ RESERVED
+CVE-2022-41765
+ RESERVED
+CVE-2022-41764
+ RESERVED
+CVE-2022-41763
+ RESERVED
+CVE-2022-41762
+ RESERVED
+CVE-2022-41761
+ RESERVED
+CVE-2022-41760
+ RESERVED
+CVE-2022-41759
+ RESERVED
+CVE-2022-41758
+ RESERVED
+CVE-2022-41757
+ RESERVED
+CVE-2022-41756
+ RESERVED
+CVE-2022-41755
+ RESERVED
+CVE-2022-41754
+ RESERVED
+CVE-2022-41753
+ RESERVED
+CVE-2022-41752
+ RESERVED
+CVE-2022-41751
+ RESERVED
+CVE-2022-41750
+ RESERVED
+CVE-2022-41749
+ RESERVED
+CVE-2022-41748
+ RESERVED
+CVE-2022-41747
+ RESERVED
+CVE-2022-41746
+ RESERVED
+CVE-2022-41745
+ RESERVED
+CVE-2022-41744
+ RESERVED
+CVE-2022-41700
+ RESERVED
+CVE-2022-41646
+ RESERVED
+CVE-2022-41628
+ RESERVED
+CVE-2022-41614
+ RESERVED
+CVE-2022-40974
+ RESERVED
+CVE-2022-40685
+ RESERVED
+CVE-2022-40207
+ RESERVED
+CVE-2022-38101
+ RESERVED
+CVE-2022-37410
+ RESERVED
+CVE-2022-37409
+ RESERVED
CVE-2022-41743
RESERVED
CVE-2022-41742
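Review bot: the tail of the added block, CVE-2022-41700 down to CVE-2022-37409, sits above the existing CVE-2022-41743 entry, so the top of the file stops running in descending ID order after CVE-2022-41744. If the list is meant to stay sorted, these ten entries should be merged at their numeric positions. If top-insertion is the intended behaviour of the automatic update, saying so in the commit message would save the next reader the check.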
@@ -434,8 +504,8 @@ CVE-2022-3328
RESERVED
CVE-2022-3327
RESERVED
-CVE-2022-3326
- RESERVED
+CVE-2022-3326 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
+ TODO: check
CVE-2022-3325
RESERVED
CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
@@ -999,8 +1069,8 @@ CVE-2022-3294
RESERVED
CVE-2022-3293
RESERVED
-CVE-2022-3292
- RESERVED
+CVE-2022-3292 (Use of Cache Containing Sensitive Information in GitHub repository iku ...)
+ TODO: check
CVE-2022-41336
RESERVED
CVE-2022-41335
@@ -2477,14 +2547,14 @@ CVE-2022-40712 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS ex
NOT-FOR-US: NOKIA
CVE-2022-40711
RESERVED
-CVE-2022-40710
- RESERVED
-CVE-2022-40709
- RESERVED
-CVE-2022-40708
- RESERVED
-CVE-2022-40707
- RESERVED
+CVE-2022-40710 (A link following vulnerability in Trend Micro Deep Security 20 and Clo ...)
+ TODO: check
+CVE-2022-40709 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...)
+ TODO: check
+CVE-2022-40708 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...)
+ TODO: check
+CVE-2022-40707 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...)
+ TODO: check
CVE-2022-3219
RESERVED
CVE-2022-3218 (Due to a reliance on client-side authentication, the WiFi Mouse (Mouse ...)
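Review bot: the four entries CVE-2022-40710 to CVE-2022-40707 all gain descriptions naming the same product (Trend Micro Deep Security 20) but are left at `TODO: check`, while the NOKIA entry at the top of this hunk is already resolved as `NOT-FOR-US: NOKIA`. Triage the four together so they receive one consistent resolution rather than being handled one at a time.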
@@ -2581,8 +2651,8 @@ CVE-2022-33978
RESERVED
CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and classifi ...)
NOT-FOR-US: Nintendo Game Boy Color
-CVE-2022-3215
- RESERVED
+CVE-2022-3215 (NIOHTTP1 and projects using it for generating HTTP responses can be su ...)
+ TODO: check
CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy manageme ...)
NOT-FOR-US: Delta
CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...)
@@ -3494,7 +3564,7 @@ CVE-2022-40299 (In Singular before 4.3.1, a predictable /tmp pathname is used (e
NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1)
CVE-2022-40298 (Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited p ...)
NOT-FOR-US: Crestron
-CVE-2022-40297 (UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be use ...)
+CVE-2022-40297 (** DISPUTED ** UBports Ubuntu Touch 16.04 allows the screen-unlock pas ...)
NOT-FOR-US: UBports Ubuntu Touch
CVE-2022-40296
RESERVED
@@ -4087,8 +4157,8 @@ CVE-2022-40050 (ZFile v4.1.1 was discovered to contain an arbitrary file upload
TODO: check
CVE-2022-40049
RESERVED
-CVE-2022-40048
- RESERVED
+CVE-2022-40048 (Flatpress v1.2.1 was discovered to contain a remote code execution (RC ...)
+ TODO: check
CVE-2022-40047
RESERVED
CVE-2022-40046
@@ -5771,10 +5841,10 @@ CVE-2022-39266
RESERVED
CVE-2022-39265
RESERVED
-CVE-2022-39264
- RESERVED
-CVE-2022-39263
- RESERVED
+CVE-2022-39264 (nheko is a desktop client for the Matrix communication application. Al ...)
+ TODO: check
+CVE-2022-39263 (`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for Ne ...)
+ TODO: check
CVE-2022-39262
RESERVED
CVE-2022-39261 (Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x ...)
@@ -5787,30 +5857,30 @@ CVE-2022-39259
RESERVED
CVE-2022-39258 (mailcow is a mailserver suite. A vulnerability innversions prior to 20 ...)
NOT-FOR-US: mailcow
-CVE-2022-39257
- RESERVED
+CVE-2022-39257 (Matrix iOS SDK allows developers to build iOS apps compatible with Mat ...)
+ TODO: check
CVE-2022-39256 (Orckestra C1 CMS is a .NET based Web Content Management System. A vuln ...)
NOT-FOR-US: Orckestra C1 CMS
-CVE-2022-39255
- RESERVED
+CVE-2022-39255 (Matrix iOS SDK allows developers to build iOS apps compatible with Mat ...)
+ TODO: check
CVE-2022-39254
RESERVED
CVE-2022-39253
RESERVED
CVE-2022-39252
RESERVED
-CVE-2022-39251
- RESERVED
+CVE-2022-39251 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
+ TODO: check
CVE-2022-39250
RESERVED
-CVE-2022-39249
- RESERVED
-CVE-2022-39248
- RESERVED
+CVE-2022-39249 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
+ TODO: check
+CVE-2022-39248 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1. ...)
+ TODO: check
CVE-2022-39247
RESERVED
-CVE-2022-39246
- RESERVED
+CVE-2022-39246 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1. ...)
+ TODO: check
CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repository. ...)
TODO: check
CVE-2022-39244
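Review bot: six entries in this hunk (CVE-2022-39257, CVE-2022-39255, CVE-2022-39251, CVE-2022-39249, CVE-2022-39248, CVE-2022-39246) move from RESERVED to `TODO: check`, and their descriptions name only three products: Matrix iOS SDK, Matrix Javascript SDK and matrix-android-sdk2. Resolve them as a group, each to a source package line or a `NOT-FOR-US:` tag as already done for CVE-2022-39258 and CVE-2022-39256 in the same hunk, so that entries with the same product do not end up with different resolutions.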
@@ -5985,8 +6055,8 @@ CVE-2022-39175
RESERVED
CVE-2022-39174
RESERVED
-CVE-2022-39173
- RESERVED
+CVE-2022-39173 (In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow ...)
+ TODO: check
CVE-2022-39172
RESERVED
CVE-2022-39171
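Review bot: CVE-2022-39173 is left at `TODO: check` although the new description already states the affected range, "wolfSSL before 5.5.1". When the entry is triaged, record that upstream fix version in a NOTE line so the package line can be checked against it.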
@@ -12628,8 +12698,8 @@ CVE-2022-36783
RESERVED
CVE-2022-36782 (Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerabi ...)
NOT-FOR-US: Pal Electronics Systems
-CVE-2022-36781
- RESERVED
+CVE-2022-36781 (WiseConnect - ScreenConnect Session Code Bypass. An attacker would hav ...)
+ TODO: check
CVE-2022-36780 (Avdor CIS - crystal quality Credentials Management Errors. The product ...)
NOT-FOR-US: Avdor CIS
CVE-2022-36779 (PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (w ...)
@@ -14895,8 +14965,8 @@ CVE-2022-35890 (An issue was discovered in Inductive Automation Ignition before
NOT-FOR-US: Inductive Automation Ignition
CVE-2022-35889
RESERVED
-CVE-2022-35888
- RESERVED
+CVE-2022-35888 (Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow att ...)
+ TODO: check
CVE-2022-35887
RESERVED
CVE-2022-35886
@@ -19003,8 +19073,8 @@ CVE-2022-34426
RESERVED
CVE-2022-34425
RESERVED
-CVE-2022-34424
- RESERVED
+CVE-2022-34424 (Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a v ...)
+ TODO: check
CVE-2022-34423
RESERVED
CVE-2022-34422
@@ -19063,8 +19133,8 @@ CVE-2022-34396
RESERVED
CVE-2022-34395
RESERVED
-CVE-2022-34394
- RESERVED
+CVE-2022-34394 (Dell OS10, version 10.5.3.4, contains an Improper Certificate Validati ...)
+ TODO: check
CVE-2022-34393
RESERVED
CVE-2022-34392
@@ -22845,7 +22915,7 @@ CVE-2022-32888
CVE-2022-32887
RESERVED
CVE-2022-32886 (A buffer overflow issue was addressed with improved memory handling. T ...)
- {DSA-5241-1 DSA-5240-1}
+ {DSA-5241-1 DSA-5240-1 DLA-3124-1}
- webkit2gtk 2.38.0-1
- wpewebkit 2.38.0-1
NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
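Review bot: `DLA-3124-1` is added to the cross-reference line of CVE-2022-32886, but the commit lists data/CVE/list as its only changed file and the package lines below (`webkit2gtk 2.38.0-1`, `wpewebkit 2.38.0-1`) are untouched. Confirm that the advisory's own record names this CVE and the fixed version for the release it covers, so the reference added here has a matching entry behind it.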
@@ -26348,15 +26418,13 @@ CVE-2022-31631
RESERVED
CVE-2022-31630
RESERVED
-CVE-2022-31629 [Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning]
- RESERVED
+CVE-2022-31629 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability en ...)
- php8.1 <unfixed>
- php7.4 <removed>
- php7.3 <removed>
NOTE: Fixed in 8.1.11
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81727
-CVE-2022-31628 [phar wrapper: DOS when using quine gzip file]
- RESERVED
+CVE-2022-31628 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompresso ...)
- php8.1 <unfixed>
- php7.4 <removed>
- php7.3 <removed>
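Review bot: both CVE-2022-31629 and CVE-2022-31628 keep `- php8.1 <unfixed>` while the new descriptions name 8.1.11 as a fixed release and the note under CVE-2022-31629 reads `NOTE: Fixed in 8.1.11`. Leave a follow-up to replace `<unfixed>` with the package version once that release is uploaded. Separately, the removed bracketed summaries ("Don't mangle HTTP variable names ...", "phar wrapper: DOS when using quine gzip file") are more specific than the truncated descriptions that replace them; keeping their gist in a NOTE line would preserve that detail.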
@@ -34022,8 +34090,8 @@ CVE-2022-29091 (Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.
NOT-FOR-US: Dell
CVE-2022-29090 (Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data E ...)
NOT-FOR-US: Dell Wyse Management Suite
-CVE-2022-29089
- RESERVED
+CVE-2022-29089 (Dell Networking OS10, versions prior to October 2021 with Smart Fabric ...)
+ TODO: check
CVE-2022-29088
RESERVED
CVE-2022-29087
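Review bot: CVE-2022-29089 gains a "Dell Networking OS10" description but is left at `TODO: check`, directly below two Dell entries in this hunk that are resolved as `NOT-FOR-US: Dell` and `NOT-FOR-US: Dell Wyse Management Suite`. The same kind of resolution looks applicable here and should be set at triage rather than leaving the TODO in place.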
@@ -50674,8 +50742,8 @@ CVE-2022-23718 (PingID Windows Login prior to 2.8 uses known vulnerable componen
NOT-FOR-US: PingID Integration for Windows Login
CVE-2022-23717 (PingID Windows Login prior to 2.8 is vulnerable to a denial of service ...)
NOT-FOR-US: PingID Integration for Windows Login
-CVE-2022-23716
- RESERVED
+CVE-2022-23716 (A flaw was discovered in ECE before 3.1.1 that could lead to the discl ...)
+ TODO: check
CVE-2022-23715 (A flaw was discovered in ECE before 3.4.0 that might lead to the discl ...)
NOT-FOR-US: Elastic Cloud Enterprise
CVE-2022-23714 (A local privilege escalation (LPE) issue was discovered in the ransomw ...)
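Review bot: CVE-2022-23716 ("A flaw was discovered in ECE before 3.1.1 ...") is left at `TODO: check`, while the next entry, CVE-2022-23715, has a near-identical description ("ECE before 3.4.0") and is already tagged `NOT-FOR-US: Elastic Cloud Enterprise`. Apply the same tag to CVE-2022-23716 unless the full description points to a different product.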
@@ -66129,10 +66197,10 @@ CVE-2021-43364
RESERVED
CVE-2021-43363
RESERVED
-CVE-2021-43362
- RESERVED
-CVE-2021-43361
- RESERVED
+CVE-2021-43362 (Due to improper sanitization MedData HBYS software suffers from a remo ...)
+ TODO: check
+CVE-2021-43361 (Due to improper sanitization MedData HBYS software suffers from a remo ...)
+ TODO: check
CVE-2021-43360 (Sunnet eHRD e-mail delivery task schedule’s serialization functi ...)
NOT-FOR-US: Sunnet eHRD
CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allows a re ...)
@@ -181222,8 +181290,8 @@ CVE-2020-11017 (In FreeRDP less than or equal to 2.0.0, by providing manipulated
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...)
NOT-FOR-US: IntelMQ Manager
-CVE-2020-11015
- RESERVED
+CVE-2020-11015 (A vulnerability has been disclosed in thinx-device-api IoT Device Mana ...)
+ TODO: check
CVE-2020-11014 (Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token ...)
NOT-FOR-US: Electron-Cash-SLP
CVE-2020-11013 (Their is an information disclosure vulnerability in Helm from version ...)
@@ -250688,8 +250756,7 @@ CVE-2019-5798 (Lack of correct bounds checking in Skia in Google Chrome prior to
- thunderbird 1:60.7.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-5798
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-5798
-CVE-2019-5797
- RESERVED
+CVE-2019-5797 (Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allow ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5796 (Data race in extensions guest view in Google Chrome prior to 73.0.3683 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6e88d4dcb3635c4379a67ba598f72f99d7c3dbf