Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a82a9178 by security tracker role at 2022-09-14T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2022-40706
+ RESERVED
+CVE-2022-40705
+ RESERVED
+CVE-2022-40696
+ RESERVED
+CVE-2022-40684
+ RESERVED
+CVE-2022-40683
+ RESERVED
+CVE-2022-40682
+ RESERVED
+CVE-2022-40681
+ RESERVED
+CVE-2022-40680
+ RESERVED
+CVE-2022-40679
+ RESERVED
+CVE-2022-40678
+ RESERVED
+CVE-2022-40677
+ RESERVED
+CVE-2022-40676
+ RESERVED
+CVE-2022-40675
+ RESERVED
+CVE-2022-40672
+ RESERVED
+CVE-2022-40671
+ RESERVED
+CVE-2022-40632
+ RESERVED
+CVE-2022-40312
+ RESERVED
+CVE-2022-40310
+ RESERVED
+CVE-2022-40223
+ RESERVED
+CVE-2022-40219
+ RESERVED
+CVE-2022-40217
+ RESERVED
+CVE-2022-40215
+ RESERVED
+CVE-2022-40213
+ RESERVED
+CVE-2022-40211
+ RESERVED
+CVE-2022-40206
+ RESERVED
+CVE-2022-40205
+ RESERVED
+CVE-2022-40193
+ RESERVED
+CVE-2022-40131
+ RESERVED
+CVE-2022-38974
+ RESERVED
+CVE-2022-38468
+ RESERVED
+CVE-2022-38461
+ RESERVED
+CVE-2022-38454
+ RESERVED
+CVE-2022-38104
+ RESERVED
+CVE-2022-38079
+ RESERVED
+CVE-2022-38074
+ RESERVED
+CVE-2022-38073
+ RESERVED
+CVE-2022-36424
+ RESERVED
+CVE-2022-36417
+ RESERVED
+CVE-2022-36404
+ RESERVED
+CVE-2022-35238
+ RESERVED
+CVE-2022-33978
+ RESERVED
+CVE-2022-3216
+ RESERVED
+CVE-2022-3215
+ RESERVED
+CVE-2022-3214
+ RESERVED
+CVE-2022-3213
+ RESERVED
+CVE-2022-3212 (<bytes::Bytes as
axum_core::extract::FromRequest>::from_request ...)
+ TODO: check
+CVE-2022-3211
+ RESERVED
+CVE-2022-30545
+ RESERVED
+CVE-2020-36603
+ RESERVED
CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent
function i ...)
- expat <unfixed> (bug #1019761)
NOTE: https://github.com/libexpat/libexpat/pull/629
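Review bot: CVE-2022-3212 is the only entry in this hunk left at "TODO: check", and its description names a Rust crate code path (`<bytes::Bytes as axum_core::extract::FromRequest>::from_request`), so the triage question is whether a package built from the axum_core crate exists in the archive; resolve the TODO with either a package/version line or a NOT-FOR-US annotation rather than leaving it open among the RESERVED placeholders. The rest of the hunk (new RESERVED ids, including the out-of-sequence CVE-2020-36603) is the usual automatic prepend and needs no action.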
@@ -107,8 +205,7 @@ CVE-2022-3204
RESERVED
CVE-2022-3203
RESERVED
-CVE-2022-3202
- RESERVED
+CVE-2022-3202 (A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in
Journal ...)
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
@@ -4283,8 +4380,8 @@ CVE-2022-38798
RESERVED
CVE-2022-38797
RESERVED
-CVE-2022-38796
- RESERVED
+CVE-2022-38796 (A Host Header Injection vulnerability in Feehi CMS 2.1.1 may
allow an ...)
+ TODO: check
CVE-2022-38453 (Multiple binary application files on the CMS8000 device are
compiled w ...)
NOT-FOR-US: Contec Health
CVE-2022-38399 (Missing protection mechanism for alternate hardware interface
in SmaCa ...)
@@ -5409,8 +5506,8 @@ CVE-2022-2902
RESERVED
CVE-2022-2901 (Improper Authorization in GitHub repository chatwoot/chatwoot
prior to ...)
NOT-FOR-US: chatwoot
-CVE-2022-2900
- RESERVED
+CVE-2022-2900 (Server-Side Request Forgery (SSRF) in GitHub repository
ionicabizau/pa ...)
+ TODO: check
CVE-2022-38464
RESERVED
CVE-2022-38463 (ServiceNow through San Diego Patch 4b and Patch 6 allows
reflected XSS ...)
@@ -7579,8 +7676,8 @@ CVE-2022-37663
RESERVED
CVE-2022-37662
RESERVED
-CVE-2022-37661
- RESERVED
+CVE-2022-37661 (SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable
to Remo ...)
+ TODO: check
CVE-2022-37660
RESERVED
CVE-2022-37659
@@ -11650,12 +11747,12 @@ CVE-2022-36116 (An issue was discovered in Blue Prism
Enterprise 6.0 through 7.0
NOT-FOR-US: Blue Prism Enterprise
CVE-2022-36115 (An issue was discovered in Blue Prism Enterprise 6.0 through
7.01. In ...)
NOT-FOR-US: Blue Prism Enterprise
-CVE-2022-36114
- RESERVED
-CVE-2022-36113
- RESERVED
-CVE-2022-36112
- RESERVED
+CVE-2022-36114 (Cargo is a package manager for the rust programming language.
It was d ...)
+ TODO: check
+CVE-2022-36113 (Cargo is a package manager for the rust programming language.
After a ...)
+ TODO: check
+CVE-2022-36112 (GLPI stands for Gestionnaire Libre de Parc Informatique and is
a Free ...)
+ TODO: check
CVE-2022-36111
RESERVED
CVE-2022-36110 (Netmaker makes networks with WireGuard. Prior to version
0.15.1, Impro ...)
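Review bot: the three "TODO: check" entries in this hunk are not of the same kind. CVE-2022-36114 and CVE-2022-36113 are described as issues in Cargo, the Rust package manager, which is a toolchain component shipped as the cargo source package, so these two need a real triage result (affected/fixed version or not-affected) rather than a placeholder. CVE-2022-36112 is a GLPI issue and can be handled like the other GLPI entries added elsewhere in this update.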
@@ -12018,12 +12115,12 @@ CVE-2022-35948 (undici is an HTTP/1.1 client, written
from scratch for Node.js.`
- node-undici 5.8.2+dfsg1+~cs18.9.18.1-1
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-f772-66g8-q5h3
NOTE:
https://github.com/nodejs/undici/commit/66165d604fd0aee70a93ed5c44ad4cc2df395f80
(v5.8.2)
-CVE-2022-35947
- RESERVED
-CVE-2022-35946
- RESERVED
-CVE-2022-35945
- RESERVED
+CVE-2022-35947 (GLPI stands for Gestionnaire Libre de Parc Informatique and is
a Free ...)
+ TODO: check
+CVE-2022-35946 (GLPI stands for Gestionnaire Libre de Parc Informatique and is
a Free ...)
+ TODO: check
+CVE-2022-35945 (GLPI stands for Gestionnaire Libre de Parc Informatique and is
a Free ...)
+ TODO: check
CVE-2022-35944
RESERVED
CVE-2022-35943 (Shield is an authentication and authorization framework for
CodeIgnite ...)
@@ -14773,8 +14870,8 @@ CVE-2022-2279 (NULL Pointer Dereference in GitHub
repository bfabiszewski/libmob
NOTE:
https://github.com/bfabiszewski/libmobi/commit/c0699c8693c47f14a2e57dec7292e862ac7adf9c
(v0.11)
CVE-2022-2278 (The Featured Image from URL (FIFU) WordPress plugin before
4.0.1 does ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2277
- RESERVED
+CVE-2022-2277 (Improper Input Validation vulnerability exists in the Hitachi
Energy M ...)
+ TODO: check
CVE-2021-4234 (OpenVPN Access Server 2.10 and prior versions are susceptible
to resen ...)
NOT-FOR-US: OpenVPN Access Server
CVE-2022-34893
@@ -21832,7 +21929,7 @@ CVE-2022-1973 (A use-after-free flaw was found in the
Linux kernel in log_replay
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/f26967b9f7a830e228bb13fb41bd516ddd9d789d (5.19-rc1)
CVE-2022-1972
- RESERVED
+ REJECTED
{DSA-5161-1}
- linux 5.18.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
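Review bot: CVE-2022-1972 changes from RESERVED to REJECTED while the entry keeps its `{DSA-5161-1}` cross-reference and the `linux 5.18.2-1` / buster not-affected lines. A rejected id that was already referenced from a published DSA deserves a manual look: confirm the rejection with MITRE and decide whether the DSA reference should stay as a historical record or carry a note explaining the rejection, so that a reader following DSA-5161-1 to this entry is not left guessing.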
@@ -24519,7 +24616,7 @@ CVE-2022-27184 (The affected product is vulnerable to
an out-of-bounds write, wh
CVE-2022-1836
REJECTED
CVE-2022-1835
- RESERVED
+ REJECTED
CVE-2022-1834
RESERVED
{DSA-5158-1 DLA-3041-1}
@@ -24799,8 +24896,8 @@ CVE-2022-31189 (DSpace open source software is a
repository application which pr
NOT-FOR-US: DSpace
CVE-2022-31188 (CVAT is an opensource interactive video and image annotation
tool for ...)
NOT-FOR-US: cvat-ai/cvat
-CVE-2022-31187
- RESERVED
+CVE-2022-31187 (GLPI stands for Gestionnaire Libre de Parc Informatique and is
a Free ...)
+ TODO: check
CVE-2022-31186 (NextAuth.js is a complete open source authentication solution
for Next ...)
NOT-FOR-US: NextAuth.js
CVE-2022-31185 (mprweb is a hosting platform for the makedeb Package
Repository. Email ...)
@@ -24910,8 +25007,8 @@ CVE-2022-31144 (Redis is an in-memory database that
persists on disk. A speciall
[buster] - redis <not-affected> (Only affects 7.x)
NOTE:
https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh
NOTE:
https://github.com/redis/redis/commit/15ae4e29e537e7ec37f0df1825d9fb2beea67124
-CVE-2022-31143
- RESERVED
+CVE-2022-31143 (GLPI stands for Gestionnaire Libre de Parc Informatique and is
a Free ...)
+ TODO: check
CVE-2022-31142 (@fastify/bearer-auth is a Fastify plugin to require bearer
Authorizati ...)
NOT-FOR-US: @fastify/bearer-auth
CVE-2022-31141
@@ -25394,8 +25491,8 @@ CVE-2022-1780 (The LaTeX for WordPress plugin through
3.4.10 does not have CSRF
NOT-FOR-US: WordPress plugin
CVE-2022-1779 (The Auto Delete Posts WordPress plugin through 1.3.0 does not
have CSR ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1778
- RESERVED
+CVE-2022-1778 (Improper Input Validation vulnerability in Hitachi Energy
MicroSCADA X ...)
+ TODO: check
CVE-2022-1777 (The Filr WordPress plugin before 1.2.2.1 does not have
authorisation c ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1776 (The Popups, Welcome Bar, Optins and Lead Generation Plugin
WordPress p ...)
@@ -28530,8 +28627,8 @@ CVE-2022-29928 (In JetBrains TeamCity before 2022.04
leak of secrets in TeamCity
NOT-FOR-US: JetBrains TeamCity
CVE-2022-29927 (In JetBrains TeamCity before 2022.04 reflected XSS on the
Build Chain ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2022-29922
- RESERVED
+CVE-2022-29922 (Improper Input Validation vulnerability in the handling of a
specially ...)
+ TODO: check
CVE-2022-29918
RESERVED
- firefox 100.0-1
@@ -28603,8 +28700,8 @@ CVE-2022-29909
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29909
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29909
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29909
-CVE-2022-29492
- RESERVED
+CVE-2022-29492 (Improper Input Validation vulnerability in the handling of a
malformed ...)
+ TODO: check
CVE-2022-29490 (Improper Authorization vulnerability exists in the Workplace X
WebUI o ...)
NOT-FOR-US: Workplace X
CVE-2022-1543 (Improper handling of Length parameter in GitHub repository
erudika/sco ...)
@@ -28841,7 +28938,7 @@ CVE-2022-29852
RESERVED
CVE-2022-29851
RESERVED
-CVE-2022-29850 (Various Lexmark products through 2022-04-27 allow External
Control of ...)
+CVE-2022-29850 (Various Lexmark products through 2022-04-27 allow an attacker
who has ...)
NOT-FOR-US: Lexmark
CVE-2022-29849 (In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9,
certain SU ...)
NOT-FOR-US: Progress OpenEdge
@@ -45140,7 +45237,8 @@ CVE-2022-24306 (Zoho ManageEngine SharePoint Manager
Plus before 4329 allows acc
NOT-FOR-US: Zoho ManageEngine
CVE-2022-24305 (Zoho ManageEngine SharePoint Manager Plus before 4329 is
vulnerable to ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2022-24304 (Schema in lib/schema.js in Mongoose before 6.4.6 is vulnerable
to prot ...)
+CVE-2022-24304
+ REJECTED
NOT-FOR-US: Mongoose
CVE-2022-24303 (Pillow before 9.0.1 allows attackers to delete files because
spaces in ...)
- pillow 9.0.1-1
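Review bot: CVE-2022-24304 loses its description (Mongoose prototype pollution in lib/schema.js) and becomes REJECTED, but the `NOT-FOR-US: Mongoose` line below it is untouched. Other REJECTED entries in this update, for example CVE-2022-1836 in the earlier hunk, carry no annotation at all, so either drop the now-redundant NOT-FOR-US line here or keep it deliberately; the inconsistency is what a later reader will trip over.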
@@ -52150,8 +52248,8 @@ CVE-2022-22522
RESERVED
CVE-2022-22521 (In Miele Benchmark Programming Tool with versions Prior to
1.2.71, exe ...)
NOT-FOR-US: Miele
-CVE-2022-22520
- RESERVED
+CVE-2022-22520 (A remote, unauthenticated attacker can enumerate valid users
by sendin ...)
+ TODO: check
CVE-2022-22519 (A remote, unauthenticated attacker can send a specific crafted
HTTP or ...)
NOT-FOR-US: CODESYS
CVE-2022-22518 (A bug in CmpUserMgr component can lead to only partially
applied secur ...)
@@ -53472,8 +53570,8 @@ CVE-2022-0031
RESERVED
CVE-2022-0030
RESERVED
-CVE-2022-0029
- RESERVED
+CVE-2022-0029 (An improper link resolution vulnerability in the Palo Alto
Networks Co ...)
+ TODO: check
CVE-2022-0028 (A PAN-OS URL filtering policy misconfiguration could allow a
network-b ...)
NOT-FOR-US: Palo Alto Networks
CVE-2022-0027 (An improper authorization vulnerability in Palo Alto Network
Cortex XS ...)
@@ -66888,8 +66986,8 @@ CVE-2022-20366 (In ioctl_dpm_clk_update of
lwis_ioctl.c, there is a possible out
NOT-FOR-US: Android
CVE-2022-20365 (Product: AndroidVersions: Android kernelAndroid ID:
A-229632566Referen ...)
NOT-FOR-US: Android
-CVE-2022-20364
- RESERVED
+CVE-2022-20364 (In sysmmu_unmap of TBD, there is a possible out of bounds
write due to ...)
+ TODO: check
CVE-2022-20363
RESERVED
CVE-2022-20362 (In Bluetooth, there is a possible out of bounds write due to
an intege ...)
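Review bot: CVE-2022-20364 ("In sysmmu_unmap of TBD, there is a possible out of bounds write ...") is left at "TODO: check" although every neighbouring entry in this hunk (CVE-2022-20366, CVE-2022-20365, CVE-2022-20362) is an Android bulletin item annotated `NOT-FOR-US: Android`. The same applies to CVE-2022-20231 (arm_gic.c) in the following hunk, whose neighbours are `NOT-FOR-US: Google Pixel` and `NOT-FOR-US: Android`. Unless the affected driver turns out to be in the Debian kernel, these TODOs can be closed with the same annotation as their neighbours.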
@@ -67154,8 +67252,8 @@ CVE-2022-20233 (In param_find_digests_internal and
related functions of the Tita
NOT-FOR-US: Google Pixel
CVE-2022-20232
RESERVED
-CVE-2022-20231
- RESERVED
+CVE-2022-20231 (In smc_intc_request_fiq of arm_gic.c, there is a possible out
of bound ...)
+ TODO: check
CVE-2022-20230 (In choosePrivateKeyAlias of KeyChain.java, there is a possible
access ...)
NOT-FOR-US: Android
CVE-2022-20229 (In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc,
there i ...)
@@ -76761,8 +76859,8 @@ CVE-2021-38926 (IBM Db2 for Linux, UNIX and Windows
(includes Db2 Connect Server
NOT-FOR-US: IBM
CVE-2021-38925 (IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through
6.1.1.0 ...)
NOT-FOR-US: IBM
-CVE-2021-38924
- RESERVED
+CVE-2021-38924 (IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a
remote a ...)
+ TODO: check
CVE-2021-38923 (IBM PowerVM Hypervisor FW1010 could allow a privileged user to
gain ac ...)
NOT-FOR-US: IBM
CVE-2021-38922
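Review bot: CVE-2021-38924 (IBM Maximo Asset Management) is left at "TODO: check" between CVE-2021-38925 and CVE-2021-38923, both annotated `NOT-FOR-US: IBM`. Maximo is a proprietary IBM product like its neighbours, so this TODO should be resolved with the same annotation rather than left open.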
@@ -87497,7 +87595,7 @@ CVE-2021-34576 (In Kaden PICOFLUX Air in all known
versions an information expos
NOT-FOR-US: Kaden PICOFLUX Air
CVE-2021-34575 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions
<= 2.8.0 ...)
NOT-FOR-US: MB connect line
-CVE-2021-34574 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions
<= 2.8.0 ...)
+CVE-2021-34574 (In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz
myREX24 and ...)
NOT-FOR-US: MB connect line
CVE-2021-34573 (In Enbra EWM in Version 1.7.29 together with several tested
wireless M ...)
NOT-FOR-US: Enbra EWM
@@ -123357,15 +123455,15 @@ CVE-2020-35573 (srs2.c in PostSRSd before 1.10
allows remote attackers to cause
- postsrsd 1.10-1
[buster] - postsrsd 1.5-2+deb10u1
NOTE:
https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac
(1.10)
-CVE-2020-35570 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and
mbCONNECT ...)
+CVE-2020-35570 (An issue was discovered in MB connect line mymbCONNECT24,
mbCONNECT24 ...)
NOT-FOR-US: MB CONNECT
CVE-2020-35569 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and
mbCONNECT ...)
NOT-FOR-US: MB CONNECT
-CVE-2020-35568 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and
mbCONNECT ...)
+CVE-2020-35568 (An issue was discovered in MB connect line mymbCONNECT24,
mbCONNECT24 ...)
NOT-FOR-US: MB CONNECT
CVE-2020-35567 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and
mbCONNECT ...)
NOT-FOR-US: MB CONNECT
-CVE-2020-35566 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and
mbCONNECT ...)
+CVE-2020-35566 (An issue was discovered in MB connect line mymbCONNECT24,
mbCONNECT24 ...)
NOT-FOR-US: MB CONNECT
CVE-2020-35565 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and
mbCONNECT ...)
NOT-FOR-US: MB CONNECT
@@ -123375,15 +123473,15 @@ CVE-2020-35563 (An issue was discovered in MB
CONNECT LINE mymbCONNECT24 and mbC
NOT-FOR-US: MB CONNECT
CVE-2020-35562
RESERVED
-CVE-2020-35561 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and
mbCONNECT ...)
+CVE-2020-35561 (An issue was discovered MB connect line mymbCONNECT24,
mbCONNECT24 and ...)
NOT-FOR-US: MB CONNECT
CVE-2020-35560 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and
mbCONNECT ...)
NOT-FOR-US: MB CONNECT
CVE-2020-35559 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and
mbCONNECT ...)
NOT-FOR-US: MB CONNECT
-CVE-2020-35558 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and
mbCONNECT ...)
+CVE-2020-35558 (An issue was discovered in MB connect line mymbCONNECT24,
mbCONNECT24 ...)
NOT-FOR-US: MB CONNECT
-CVE-2020-35557 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and
mbCONNECT ...)
+CVE-2020-35557 (An issue in MB connect line mymbCONNECT24, mbCONNECT24 and
Helmholz my ...)
NOT-FOR-US: MB CONNECT
CVE-2020-35556 (An issue was discovered in Acronis Cyber Protect before 15
Update 1 bu ...)
NOT-FOR-US: Acronis
@@ -172966,7 +173064,7 @@ CVE-2020-12529 (An issue was discovered in MB connect
line mymbCONNECT24 and mbC
NOT-FOR-US: MB connect software
CVE-2020-12528 (An issue was discovered in MB connect line mymbCONNECT24 and
mbCONNECT ...)
NOT-FOR-US: MB connect software
-CVE-2020-12527 (An issue was discovered in MB connect line mymbCONNECT24 and
mbCONNECT ...)
+CVE-2020-12527 (An issue was discovered in MB connect line mymbCONNECT24,
mbCONNECT24 ...)
NOT-FOR-US: MB connect software
CVE-2020-12526 (TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC
Diagnostics U ...)
NOT-FOR-US: TwinCAT OPC UA Server
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a82a91788034eb82a720a328f9576de6fba1ad5c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits