[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 29 21:10:30 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f573623c by security tracker role at 2022-09-29T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2022-41812
+ RESERVED
+CVE-2022-41811
+ RESERVED
+CVE-2022-41810
+ RESERVED
+CVE-2022-41809
+ RESERVED
+CVE-2022-41779
+ RESERVED
+CVE-2022-41778
+ RESERVED
+CVE-2022-41776
+ RESERVED
+CVE-2022-41773
+ RESERVED
+CVE-2022-41772
+ RESERVED
+CVE-2022-41702
+ RESERVED
+CVE-2022-41701
+ RESERVED
+CVE-2022-41697
+ RESERVED
+CVE-2022-41688
+ RESERVED
+CVE-2022-41683
+ RESERVED
+CVE-2022-41657
+ RESERVED
+CVE-2022-41654
+ RESERVED
+CVE-2022-41653
+ RESERVED
+CVE-2022-41651
+ RESERVED
+CVE-2022-41648
+ RESERVED
+CVE-2022-41644
+ RESERVED
+CVE-2022-41636
+ RESERVED
+CVE-2022-41629
+ RESERVED
+CVE-2022-41627
+ RESERVED
+CVE-2022-41613
+ RESERVED
+CVE-2022-41607
+ RESERVED
+CVE-2022-41555
+ RESERVED
+CVE-2022-41133
+ RESERVED
+CVE-2022-40981
+ RESERVED
+CVE-2022-40967
+ RESERVED
+CVE-2022-40965
+ RESERVED
+CVE-2022-40703
+ RESERVED
+CVE-2022-40204
+ RESERVED
+CVE-2022-40202
+ RESERVED
+CVE-2022-40201
+ RESERVED
+CVE-2022-40190
+ RESERVED
+CVE-2022-38355
+ RESERVED
+CVE-2022-38142
+ RESERVED
+CVE-2022-3361
+ RESERVED
+CVE-2022-3360
+ RESERVED
+CVE-2022-3359
+ RESERVED
+CVE-2022-3358
+ RESERVED
+CVE-2022-3357
+ RESERVED
+CVE-2022-3356
+ RESERVED
+CVE-2022-3355 (Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inv ...)
+ TODO: check
CVE-2022-41768
RESERVED
CVE-2022-41767
@@ -186,8 +274,8 @@ CVE-2022-3354 (A vulnerability has been found in Open5GS up to 2.4.10 and classi
NOT-FOR-US: Open5GS
CVE-2022-3353
RESERVED
-CVE-2022-3352
- RESERVED
+CVE-2022-3352 (Use After Free in GitHub repository vim/vim prior to 9.0.0614. ...)
+ TODO: check
CVE-2022-3351
RESERVED
CVE-2022-3350
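Review bot: The `TODO: check` left on CVE-2022-3352 should be resolved against a Debian source package rather than as NOT-FOR-US, since the description names vim/vim and vim is packaged in Debian. Suggest replacing the TODO with a `- vim` entry and recording 9.0.0614, the upstream version the description gives as fixed, in a NOTE line so the suites can be checked against it.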
@@ -2062,8 +2150,8 @@ CVE-2022-40933 (Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL in
NOT-FOR-US: Online Pet Shop We App
CVE-2022-40932 (In Zoo Management System v1.0, there is an arbitrary file upload vulne ...)
NOT-FOR-US: Zoo Management System
-CVE-2022-40931
- RESERVED
+CVE-2022-40931 (dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (X ...)
+ TODO: check
CVE-2022-40930
RESERVED
CVE-2022-40929 (XXL-JOB 2.2.0 has a Command execution vulnerability in background task ...)
@@ -2144,14 +2232,14 @@ CVE-2022-40892
RESERVED
CVE-2022-40891
RESERVED
-CVE-2022-40890
- RESERVED
+CVE-2022-40890 (A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlie ...)
+ TODO: check
CVE-2022-40889
RESERVED
CVE-2022-40888
RESERVED
-CVE-2022-40887
- RESERVED
+CVE-2022-40887 (SourceCodester Best Student Result Management System 1.0 is vulnerable ...)
+ TODO: check
CVE-2022-40886
RESERVED
CVE-2022-40885
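Review bot: CVE-2022-40890 keeps a bare `TODO: check` although its description names Open5GS, and this file already carries `NOT-FOR-US: Open5GS` for CVE-2022-3354. Suggest resolving it the same way so the two Open5GS entries stay consistent. CVE-2022-40887 in the same hunk still needs its own triage.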
@@ -2166,8 +2254,8 @@ CVE-2022-40881
RESERVED
CVE-2022-40880
RESERVED
-CVE-2022-40879
- RESERVED
+CVE-2022-40879 (kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the ...)
+ TODO: check
CVE-2022-40878 (In Exam Reviewer Management System 1.0, an authenticated attacker can ...)
NOT-FOR-US: Exam Reviewer Management System
CVE-2022-40877 (Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via ...)
@@ -3181,14 +3269,14 @@ CVE-2022-40476 (A null pointer dereference issue was discovered in fs/io_uring.c
- linux <not-affected> (Vulnerable code never released in Debian unstable)
NOTE: https://lore.kernel.org/lkml/CAO4S-mdVW5GkODk0+vbQexNAAJZopwzFJ9ACvRCJ989fQ4A6Ow@mail.gmail.com/
NOTE: https://git.kernel.org/linus/386e4fb6962b9f248a80f8870aea0870ca603e89 (5.19-rc4)
-CVE-2022-40475
- RESERVED
+CVE-2022-40475 (TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a com ...)
+ TODO: check
CVE-2022-40474
RESERVED
CVE-2022-40473
RESERVED
-CVE-2022-40472
- RESERVED
+CVE-2022-40472 (ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721. ...)
+ TODO: check
CVE-2022-40471
RESERVED
CVE-2022-40470
@@ -3318,10 +3406,10 @@ CVE-2022-40410
RESERVED
CVE-2022-40409
RESERVED
-CVE-2022-40408
- RESERVED
-CVE-2022-40407
- RESERVED
+CVE-2022-40408 (FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) ...)
+ TODO: check
+CVE-2022-40407 (A zip slip vulnerability in the file upload function of Chamilo v1.11 ...)
+ TODO: check
CVE-2022-40406
RESERVED
CVE-2022-40405
@@ -3408,8 +3496,8 @@ CVE-2022-40365 (Cross site scripting (XSS) vulnerability in ouqiang gocron throu
NOT-FOR-US: ouqiang gocron (not the same as src:golang-github-go-co-op-gocron)
CVE-2022-40364
RESERVED
-CVE-2022-40363
- RESERVED
+CVE-2022-40363 (A buffer overflow in the component nfc_device_load_mifare_ul_data of F ...)
+ TODO: check
CVE-2022-40362
RESERVED
CVE-2022-40361
@@ -4002,8 +4090,8 @@ CVE-2022-3137
RESERVED
CVE-2022-3136
RESERVED
-CVE-2022-40126
- RESERVED
+CVE-2022-40126 (A misconfiguration in the Service Mode profile directory of Clash for ...)
+ TODO: check
CVE-2022-40125
RESERVED
CVE-2022-40124
@@ -5838,8 +5926,8 @@ CVE-2022-39268
RESERVED
CVE-2022-39267
RESERVED
-CVE-2022-39266
- RESERVED
+CVE-2022-39266 (isolated-vm is a library for nodejs which gives the user access to v8' ...)
+ TODO: check
CVE-2022-39265
RESERVED
CVE-2022-39264 (nheko is a desktop client for the Matrix communication application. Al ...)
@@ -5864,20 +5952,20 @@ CVE-2022-39256 (Orckestra C1 CMS is a .NET based Web Content Management System.
NOT-FOR-US: Orckestra C1 CMS
CVE-2022-39255 (Matrix iOS SDK allows developers to build iOS apps compatible with Mat ...)
NOT-FOR-US: Matrix iOS SDK
-CVE-2022-39254
- RESERVED
+CVE-2022-39254 (matrix-nio is a Python Matrix client library, designed according to sa ...)
+ TODO: check
CVE-2022-39253
RESERVED
-CVE-2022-39252
- RESERVED
+CVE-2022-39252 (matrix-rust-sdk is an implementation of a Matrix client-server library ...)
+ TODO: check
CVE-2022-39251 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
- node-matrix-js-sdk <undetermined>
NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c
NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
TODO: check if affecting the nodejs version of matrix-js-sdk
-CVE-2022-39250
- RESERVED
+CVE-2022-39250 (Matrix JavaScript SDK is the Matrix Client-Server software development ...)
+ TODO: check
CVE-2022-39249 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
- node-matrix-js-sdk <undetermined>
NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg
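Review bot: CVE-2022-39250 is added with only `TODO: check`, while the adjacent CVE-2022-39251 and CVE-2022-39249 describe the same Matrix JavaScript SDK and already carry `- node-matrix-js-sdk <undetermined>` plus advisory NOTE lines. Suggest giving CVE-2022-39250 the same package line and the matrix.org blog NOTE so the three entries are triaged together. CVE-2022-39254 (matrix-nio) and CVE-2022-39252 (matrix-rust-sdk) name different libraries and need separate package lookups.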
@@ -6083,8 +6171,8 @@ CVE-2022-39170 (libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in d
NOTE: https://www.prevanders.net/dwarfbug.html#DW202208-001
CVE-2022-39169
RESERVED
-CVE-2022-39168
- RESERVED
+CVE-2022-39168 (IBM Robotic Process Automation Clients are vulnerable to proxy credent ...)
+ TODO: check
CVE-2022-39167
RESERVED
CVE-2022-39166
@@ -7368,8 +7456,8 @@ CVE-2022-38734
RESERVED
CVE-2022-38733
RESERVED
-CVE-2022-38732
- RESERVED
+CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content Security Poli ...)
+ TODO: check
CVE-2022-38731
RESERVED
CVE-2022-2985
@@ -16964,8 +17052,8 @@ CVE-2022-35139
RESERVED
CVE-2022-35138
RESERVED
-CVE-2022-35137
- RESERVED
+CVE-2022-35137 (DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain mult ...)
+ TODO: check
CVE-2022-35136
RESERVED
CVE-2022-35135
@@ -20673,8 +20761,8 @@ CVE-2022-2102 (Controls limiting uploads to certain file extensions may be bypas
NOT-FOR-US: Secheron
CVE-2022-2101 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-33880
- RESERVED
+CVE-2022-33880 (hms-staff.php in Projectworlds Hospital Management System Mini-Project ...)
+ TODO: check
CVE-2022-33879 (The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in ...)
- tika <unfixed> (bug #1015002)
[bullseye] - tika <no-dsa> (Minor issue)
@@ -32925,9 +33013,9 @@ CVE-2022-25899 (Authentication bypass for the Open AMT Cloud Toolkit software ma
CVE-2022-1406 (Improper input validation in GitLab CE/EE affecting all versions from ...)
- gitlab <unfixed>
CVE-2022-29504
- RESERVED
-CVE-2022-29503
- RESERVED
+ REJECTED
+CVE-2022-29503 (A memory corruption vulnerability exists in the libpthread linuxthread ...)
+ TODO: check
CVE-2022-1405 (CNCSoft: All versions prior to 1.01.32 does not properly sanitize inpu ...)
NOT-FOR-US: CNCSoft
CVE-2022-1404 (Delta Electronics CNCSoft (All versions prior to 1.01.32) does not pro ...)
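Review bot: The description added for CVE-2022-29503 is cut off at "libpthread linuxthread ...", so the visible text does not identify which product ships the affected code. Suggest reading the full CVE description before replacing `TODO: check`, rather than inferring the package from the word libpthread. The change of CVE-2022-29504 from RESERVED to REJECTED in the same hunk needs no package entry.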
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f573623ccdbeecca04909fff7de3ac34c2023738