Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
01e28e4c by security tracker role at 2022-09-20T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-41139
+       RESERVED
+CVE-2022-41138 (In Zutty before 0.13, DECRQSS in text written to the terminal 
can achi ...)
+       TODO: check
+CVE-2022-41137
+       RESERVED
+CVE-2022-40704
+       RESERVED
+CVE-2022-40208
+       RESERVED
+CVE-2022-38066
+       RESERVED
+CVE-2022-3253
+       RESERVED
+CVE-2022-3252
+       RESERVED
+CVE-2022-3251
+       RESERVED
+CVE-2022-3250
+       RESERVED
+CVE-2022-3249
+       RESERVED
+CVE-2022-3248
+       RESERVED
+CVE-2022-3247
+       RESERVED
+CVE-2022-3246
+       RESERVED
+CVE-2022-3245 (HTML injection attack is closely related to Cross-site 
Scripting (XSS) ...)
+       TODO: check
+CVE-2022-3244
+       RESERVED
+CVE-2022-3243
+       RESERVED
+CVE-2022-3242 (Code Injection in GitHub repository microweber/microweber prior 
to 1.3 ...)
+       TODO: check
+CVE-2022-3241
+       RESERVED
+CVE-2017-20148 (In the ebuild package through logcheck-1.3.23.ebuild for 
Logcheck on G ...)
+       TODO: check
+CVE-2017-20147 (In the ebuild package through smokeping-2.7.3-r1 for SmokePing 
on Gent ...)
+       TODO: check
+CVE-2016-20015 (In the ebuild package through smokeping-2.7.3-r1 for SmokePing 
on Gent ...)
+       TODO: check
 CVE-2022-41131
        RESERVED
 CVE-2022-41130
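Review bot: CVE-2017-20147 and CVE-2016-20015 at the end of the added block show the same visible description ("In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gent ..."), so when the TODO: check markers are resolved, confirm against the full records that these are two distinct issues and not one issue assigned twice. All three ebuild entries, including CVE-2017-20148 for logcheck, appear to concern an ebuild rather than the upstream source, so the triage note should state explicitly whether Debian's own packaging is affected instead of defaulting to the source package name.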
@@ -346,8 +390,8 @@ CVE-2022-40956
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40956
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40956
-CVE-2022-40955
-       RESERVED
+CVE-2022-40955 (In versions of Apache InLong prior to 1.3.0, an attacker with 
sufficie ...)
+       TODO: check
 CVE-2022-40954
        RESERVED
 CVE-2022-40701
@@ -1990,10 +2034,10 @@ CVE-2022-40264
        RESERVED
 CVE-2022-40263
        RESERVED
-CVE-2022-40262
-       RESERVED
-CVE-2022-40261
-       RESERVED
+CVE-2022-40262 (A potential attacker can execute an arbitrary code at the time 
of the  ...)
+       TODO: check
+CVE-2022-40261 (An attacker can exploit this vulnerability to elevate 
privileges from  ...)
+       TODO: check
 CVE-2022-40260
        RESERVED
 CVE-2022-40259
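Review bot: The truncated descriptions for CVE-2022-40262 and CVE-2022-40261 name no product or vendor ("A potential attacker can execute an arbitrary code at the time of the ..."), so the TODO: check markers cannot be resolved from this list alone. Pull the full CVE record before classifying, and record the product in the resulting annotation so the entry is searchable later.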
@@ -2014,16 +2058,16 @@ CVE-2022-40252
        RESERVED
 CVE-2022-40251
        RESERVED
-CVE-2022-40250
-       RESERVED
+CVE-2022-40250 (An attacker can exploit this vulnerability to elevate 
privileges from  ...)
+       TODO: check
 CVE-2022-40249
        RESERVED
 CVE-2022-40248
        RESERVED
 CVE-2022-40247
        RESERVED
-CVE-2022-40246
-       RESERVED
+CVE-2022-40246 (A potential attacker can write one byte by arbitrary address 
at the ti ...)
+       TODO: check
 CVE-2022-40245
        RESERVED
 CVE-2022-40244
@@ -2651,8 +2695,8 @@ CVE-2022-39976
        RESERVED
 CVE-2022-39975
        RESERVED
-CVE-2022-39974
-       RESERVED
+CVE-2022-39974 (WASM3 v0.5.0 was discovered to contain a segmentation fault 
via the co ...)
+       TODO: check
 CVE-2022-39973
        RESERVED
 CVE-2022-39972
@@ -4617,8 +4661,8 @@ CVE-2022-3081
        RESERVED
 CVE-2022-3080
        RESERVED
-CVE-2022-3079
-       RESERVED
+CVE-2022-3079 (Festo control block CPX-CEC-C1 and CPX-CMXX in multiple 
versions allow ...)
+       TODO: check
 CVE-2022-3078 (An issue was discovered in the Linux kernel through 5.16-rc6. 
There is ...)
        - linux 5.17.3-1
        [bullseye] - linux 5.10.113-1
@@ -5034,10 +5078,10 @@ CVE-2022-38958
        RESERVED
 CVE-2022-38957
        RESERVED
-CVE-2022-38956
-       RESERVED
-CVE-2022-38955
-       RESERVED
+CVE-2022-38956 (An exploitable firmware downgrade vulnerability was discovered 
on the  ...)
+       TODO: check
+CVE-2022-38955 (An exploitable firmware modification vulnerability was 
discovered on t ...)
+       TODO: check
 CVE-2022-38954
        RESERVED
 CVE-2022-38953
@@ -5114,8 +5158,8 @@ CVE-2022-38918
        RESERVED
 CVE-2022-38917
        RESERVED
-CVE-2022-38916
-       RESERVED
+CVE-2022-38916 (A file upload vulnerability exists in the storage feature of 
pagekit 1 ...)
+       TODO: check
 CVE-2022-38915
        RESERVED
 CVE-2022-38914
@@ -5543,18 +5587,18 @@ CVE-2022-3007
        RESERVED
 CVE-2022-3006
        RESERVED
-CVE-2022-3005
-       RESERVED
-CVE-2022-3004
-       RESERVED
+CVE-2022-3005 (Cross-site Scripting (XSS) - Stored in GitHub repository 
yetiforcecomp ...)
+       TODO: check
+CVE-2022-3004 (Cross-site Scripting (XSS) - Stored in GitHub repository 
yetiforcecomp ...)
+       TODO: check
 CVE-2022-3003
        RESERVED
 CVE-2022-3002
        RESERVED
 CVE-2022-3001 (This vulnerability exists in Milesight Video Management Systems 
(VMS), ...)
        NOT-FOR-US: Milesight Video Management Systems (VMS)
-CVE-2022-3000
-       RESERVED
+CVE-2022-3000 (Cross-site Scripting (XSS) - Stored in GitHub repository 
yetiforcecomp ...)
+       TODO: check
 CVE-2022-38772 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, 
Network Co ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-38771 (The mobile application in Transtek Mojodat FAM (Fixed Asset 
Management ...)
@@ -7031,8 +7075,8 @@ CVE-2022-38342 (Safe Software FME Server v2022.0.1.1 and 
below was discovered to
        NOT-FOR-US: Safe Software FME Server
 CVE-2022-38341 (Safe Software FME Server v2022.0.1.1 and below does not employ 
server- ...)
        TODO: check
-CVE-2022-38340
-       RESERVED
+CVE-2022-38340 (Safe Software FME Server v2022.0.1.1 and below was discovered 
to conta ...)
+       TODO: check
 CVE-2022-38339 (Safe Software FME Server v2022.0.1.1 and below contains a 
cross-site s ...)
        TODO: check
 CVE-2022-38338
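Review bot: CVE-2022-38340 gets TODO: check although its description starts with the same product string as CVE-2022-38342, which the hunk context shows as NOT-FOR-US: Safe Software FME Server. Suggest classifying 38340 the same way in the follow-up, together with the neighbouring CVE-2022-38341 and CVE-2022-38339, which are still TODO: check for the same product.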
@@ -8013,8 +8057,8 @@ CVE-2022-37974
        RESERVED
 CVE-2022-37973
        RESERVED
-CVE-2022-37972
-       RESERVED
+CVE-2022-37972 (Microsoft Endpoint Configuration Manager Spoofing 
Vulnerability. ...)
+       TODO: check
 CVE-2022-37971
        RESERVED
 CVE-2022-37970
@@ -9838,8 +9882,8 @@ CVE-2022-37267
        RESERVED
 CVE-2022-37266 (Prototype pollution vulnerability in function extend in 
babel.js in st ...)
        TODO: check
-CVE-2022-37265
-       RESERVED
+CVE-2022-37265 (Prototype pollution vulnerability in stealjs steal 2.2.4 via 
the alias ...)
+       TODO: check
 CVE-2022-37264 (Prototype pollution vulnerability in stealjs steal 2.2.4 via 
the optio ...)
        TODO: check
 CVE-2022-37263
@@ -9850,8 +9894,8 @@ CVE-2022-37261
        RESERVED
 CVE-2022-37260 (A Regular Expression Denial of Service (ReDoS) flaw was found 
in steal ...)
        TODO: check
-CVE-2022-37259
-       RESERVED
+CVE-2022-37259 (A Regular Expression Denial of Service (ReDoS) flaw was found 
in steal ...)
+       TODO: check
 CVE-2022-37258 (Prototype pollution vulnerability in function convertLater in 
npm-conv ...)
        TODO: check
 CVE-2022-37257 (Prototype pollution vulnerability in function convertLater in 
npm-conv ...)
@@ -9958,10 +10002,10 @@ CVE-2022-37207 (JFinal CMS 5.1.0 is affected by: SQL 
Injection. These interfaces
        NOT-FOR-US: JFinal CMS
 CVE-2022-37206
        RESERVED
-CVE-2022-37205
-       RESERVED
-CVE-2022-37204
-       RESERVED
+CVE-2022-37205 (JFinal CMS 5.1.0 is affected by: SQL Injection. These 
interfaces do no ...)
+       TODO: check
+CVE-2022-37204 (Final CMS 5.1.0 is vulnerable to SQL Injection. ...)
+       TODO: check
 CVE-2022-37203 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. These 
interfaces do n ...)
        TODO: check
 CVE-2022-37202
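Review bot: The description added for CVE-2022-37204 reads "Final CMS 5.1.0", while CVE-2022-37205, CVE-2022-37203 and CVE-2022-37207 around it all read "JFinal CMS 5.1.0". When this TODO is triaged, match the annotation to the neighbours (the context line shows NOT-FOR-US: JFinal CMS) so that a search on the product name does not miss this entry because of the dropped "J".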
@@ -11085,7 +11129,8 @@ CVE-2022-36759 (Online Food Ordering System v1.0 was 
discovered to contain a SQL
        NOT-FOR-US: Online Food Ordering System
 CVE-2022-36758
        RESERVED
-CVE-2022-36757 (Xaomi Mi Browser v13.10.0-gn contains a vulnerability which 
allows att ...)
+CVE-2022-36757
+       REJECTED
        NOT-FOR-US: Xaomi Mi Browser
 CVE-2022-36756 (DIR845L A1 v1.00-v1.03 is vulnerable to command injection via 
/htdocs/ ...)
        NOT-FOR-US: D-Link
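Review bot: CVE-2022-36757 now reads REJECTED, but the unchanged line below it still says NOT-FOR-US: Xaomi Mi Browser, an annotation that refers to a description the entry no longer carries. Check whether the tracker's convention is to keep or drop the earlier classification on rejected IDs, and clean it up by hand if the automatic update is not expected to.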
@@ -15134,8 +15179,8 @@ CVE-2022-35198 (Contract Management System v2.0 
contains a weak default password
        NOT-FOR-US: Contract Management System
 CVE-2022-35197
        RESERVED
-CVE-2022-35196
-       RESERVED
+CVE-2022-35196 (TestLink v1.9.20 was discovered to contain a Cross-Site 
Request Forger ...)
+       TODO: check
 CVE-2022-35195 (TestLink 1.9.20 Raijin was discovered to contain a broken 
access contr ...)
        TODO: check
 CVE-2022-35194 (TestLink v1.9.20 was discovered to contain a stored cross-site 
scripti ...)
@@ -15732,8 +15777,7 @@ CVE-2022-34918 (An issue was discovered in the Linux 
kernel through 5.18.9. A ty
        NOTE: https://www.randorisec.fr/crack-linux-firewall/
 CVE-2022-2307 (A lack of cascading deletes in GitLab CE/EE affecting all 
versions sta ...)
        - gitlab <unfixed>
-CVE-2022-34917
-       RESERVED
+CVE-2022-34917 (A security vulnerability has been identified in Apache Kafka. 
It affec ...)
        - kafka <itp> (bug #786460)
 CVE-2022-34916 (Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a 
remote  ...)
        NOT-FOR-US: Apache Flume
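Review bot: CVE-2022-34917 keeps its existing "- kafka <itp> (bug #786460)" line and, unlike the other newly described entries in this commit, gets no TODO: check marker, so nothing flags it for another look. That annotation was written while the ID was still RESERVED; now that the description is published, verify it against the affected versions in the full text.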
@@ -17653,8 +17697,8 @@ CVE-2022-2179 (The X-Frame-Options header in Rockwell 
Automation MicroLogix 1100
        NOT-FOR-US: Rockwell
 CVE-2022-2178
        RESERVED
-CVE-2022-2177
-       RESERVED
+CVE-2022-2177 (Kayrasoft product before version 2 has an unauthenticated SQL 
Injectio ...)
+       TODO: check
 CVE-2022-2176
        RESERVED
 CVE-2022-2175 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
@@ -17952,8 +17996,8 @@ CVE-2022-2156 (Use after free in Core in Google Chrome 
prior to 103.0.5060.53 al
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-2155
        RESERVED
-CVE-2022-2154
-       RESERVED
+CVE-2022-2154 (An attacker with physical access can exploit this vulnerability 
to exe ...)
+       TODO: check
 CVE-2022-2153 (A flaw was found in the Linux kernel&#8217;s KVM when 
attempting to se ...)
        {DSA-5173-1 DLA-3065-1}
        - linux 5.17.3-1
@@ -23114,8 +23158,8 @@ CVE-2022-32169
        RESERVED
 CVE-2022-32168
        RESERVED
-CVE-2022-32167
-       RESERVED
+CVE-2022-32167 (Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to 
Stored Cros ...)
+       TODO: check
 CVE-2022-32166
        RESERVED
 CVE-2022-32165
@@ -27800,8 +27844,8 @@ CVE-2022-30580 (Code injection in Cmd.Start in os/exec 
before Go 1.17.11 and Go
        - golang-1.8 <not-affected> (Only affects Go on Windows)
        - golang-1.7 <not-affected> (Only affects Go on Windows)
        NOTE: https://go.dev/issue/52574
-CVE-2022-30579
-       RESERVED
+CVE-2022-30579 (The Web Player component of TIBCO Software Inc.'s TIBCO 
Spotfire Analy ...)
+       TODO: check
 CVE-2022-30578
        RESERVED
 CVE-2022-30577
@@ -38792,8 +38836,8 @@ CVE-2022-26876
        RESERVED
 CVE-2022-26875
        RESERVED
-CVE-2022-26873
-       RESERVED
+CVE-2022-26873 (A potential attacker can execute an arbitrary code at the time 
of the  ...)
+       TODO: check
 CVE-2022-26872
        RESERVED
 CVE-2022-26871 (An arbitrary file upload vulnerability in Trend Micro Apex 
Central cou ...)
@@ -92426,18 +92470,18 @@ CVE-2021-33083 (Improper authentication in firmware 
for some Intel(R) SSD, Intel
        NOT-FOR-US: Intel
 CVE-2021-33082 (Sensitive information in resource not removed before reuse in 
firmware ...)
        NOT-FOR-US: Intel
-CVE-2021-33081
-       RESERVED
+CVE-2021-33081 (Protection mechanism failure in firmware for some Intel(R) SSD 
DC Prod ...)
+       TODO: check
 CVE-2021-33080 (Exposure of sensitive system information due to uncleared 
debug inform ...)
        NOT-FOR-US: Intel
-CVE-2021-33079
-       RESERVED
+CVE-2021-33079 (Protection mechanism failure in firmware for some Intel(R) SSD 
DC Prod ...)
+       TODO: check
 CVE-2021-33078 (Race condition within a thread in firmware for some Intel(R) 
Optane(TM ...)
        NOT-FOR-US: Intel
 CVE-2021-33077 (Insufficient control flow management in firmware for some 
Intel(R) SSD ...)
        NOT-FOR-US: Intel
-CVE-2021-33076
-       RESERVED
+CVE-2021-33076 (Improper authentication in firmware for some Intel(R) SSD DC 
Products  ...)
+       TODO: check
 CVE-2021-33075 (Race condition in firmware for some Intel(R) Optane(TM) SSD, 
Intel(R)  ...)
        NOT-FOR-US: Intel
 CVE-2021-33074 (Protection mechanism failure in firmware for some Intel(R) 
SSD, Intel( ...)
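Review bot: CVE-2021-33081, CVE-2021-33079 and CVE-2021-33076 are added as TODO: check, while every already triaged neighbour in this hunk (CVE-2021-33083, 33082, 33080, 33078, 33077, 33075) is NOT-FOR-US: Intel with the same kind of Intel SSD firmware description. Suggest resolving the three new entries to the same classification in the follow-up commit so the block stays consistent.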



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01e28e4ca912b3227cc5127faed968cfb3e2ea97
