Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0ae76af by security tracker role at 2022-09-23T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2022-41326
+       RESERVED
+CVE-2022-41325
+       RESERVED
+CVE-2022-41324
+       RESERVED
+CVE-2022-41323
+       RESERVED
+CVE-2022-41321
+       RESERVED
+CVE-2022-41320 (Veritas System Recovery (VSR) versions 18 and 21 store a 
network desti ...)
+       TODO: check
+CVE-2022-41319 (A Reflected Cross-Site Scripting (XSS) vulnerability affects 
the Verit ...)
+       TODO: check
+CVE-2022-41316
+       RESERVED
+CVE-2022-3281
+       RESERVED
+CVE-2022-3280
+       RESERVED
+CVE-2022-3279
+       RESERVED
+CVE-2022-3278
+       RESERVED
+CVE-2022-3277
+       RESERVED
+CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 allows prototype 
poisoning in t ...)
+       TODO: check
 CVE-2022-3276
        RESERVED
 CVE-2022-3275
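Review bot: CVE-2020-36604 (hoek) is the only non-2022 ID in this block and arrives with a bare TODO: check; the 2020 in the ID is only the assignment year, the advisory itself is new, so it should be triaged against the fixed ranges the description already gives (before 8.5.1, 9.x before 9.0.3) and the Debian source that ships hoek (node-hoek), not set aside as stale. The two Veritas entries (CVE-2022-41320, CVE-2022-41319) describe Veritas System Recovery, proprietary software Debian does not package, and can be closed as NOT-FOR-US once the full descriptions are read.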
@@ -20,16 +48,18 @@ CVE-2022-3267 (Cross-Site Request Forgery (CSRF) in GitHub 
repository ikus060/rd
        - rdiffweb <itp> (bug #969974)
 CVE-2022-3266
        RESERVED
-CVE-2022-41322
+CVE-2022-41322 (In Kitty before 0.26.2, insufficient validation in the desktop 
notific ...)
        - kitty <unfixed>
        NOTE: 
https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f
 (v0.26.2)
 CVE-2022-41318 [Buffer Over Read in SSPI and SMB Authentication]
+       RESERVED
        - squid <unfixed>
        - squid3 <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/2
        NOTE: Squid 4: 
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch
        NOTE: Squid 5: 
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch (5.7)
 CVE-2022-41317 [Exposure of Sensitive Information in Cache Manager]
+       RESERVED
        - squid <unfixed>
        - squid3 <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/1
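Review bot: the Squid 4 NOTE on CVE-2022-41318 gives only the changeset URL, while the Squid 5 NOTE also records the fixed upstream release (5.7); record the Squid 4 fixed version in the same way so the squid <unfixed> and squid3 <removed> lines can be checked against a concrete version, and mirror that on CVE-2022-41317, which carries the same two source lines. Adding RESERVED under the bracketed working titles is consistent with the tracker holding Debian-side details before MITRE publishes the text; when the descriptions land the automatic update will replace the bare line, as it does for CVE-2022-41322 (kitty) in this hunk.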
@@ -2407,8 +2437,8 @@ CVE-2022-40299 (In Singular before 4.3.1, a predictable 
/tmp pathname is used (e
        NOTE: 
https://github.com/Singular/Singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c
 (Release-4-3-1)
        NOTE: https://github.com/Singular/Singular/issues/1137
        NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1)
-CVE-2022-40298
-       RESERVED
+CVE-2022-40298 (Crestron AirMedia for Windows before 5.5.1.84 has insecure 
inherited p ...)
+       TODO: check
 CVE-2022-40297 (UBports Ubuntu Touch 16.04 allows the screen-unlock passcode 
to be use ...)
        NOT-FOR-US: UBports Ubuntu Touch
 CVE-2022-40296
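Review bot: CVE-2022-40298 can be resolved now instead of staying at TODO: check: the description identifies Crestron AirMedia for Windows, a proprietary Windows client, so NOT-FOR-US: Crestron in the style of the adjacent UBports entry is the right status. The Singular context above it is the model for the opposite case, with the upstream commit, the issue and the kernel-hardening mitigation all captured as NOTE lines.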
@@ -2917,12 +2947,12 @@ CVE-2022-40091
        RESERVED
 CVE-2022-40090
        RESERVED
-CVE-2022-40089
-       RESERVED
-CVE-2022-40088
-       RESERVED
-CVE-2022-40087
-       RESERVED
+CVE-2022-40089 (A remote file inclusion (RFI) vulnerability in Simple College 
Website  ...)
+       TODO: check
+CVE-2022-40088 (Simple College Website v1.0 was discovered to contain a 
reflected cros ...)
+       TODO: check
+CVE-2022-40087 (Simple College Website v1.0 was discovered to contain an 
arbitrary fil ...)
+       TODO: check
 CVE-2022-40086
        RESERVED
 CVE-2022-40085
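Review bot: the three Simple College Website v1.0 entries (CVE-2022-40087 through CVE-2022-40089) are one product and should be triaged together rather than left as three separate TODO: check lines; it is a standalone demo web application that Debian does not package, so all three can take the same NOT-FOR-US label.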
@@ -4752,12 +4782,12 @@ CVE-2022-39229
        RESERVED
 CVE-2022-39228
        RESERVED
-CVE-2022-39227
-       RESERVED
+CVE-2022-39227 (python-jwt is a module for generating and verifying JSON Web 
Tokens. V ...)
+       TODO: check
 CVE-2022-39226
        RESERVED
-CVE-2022-39225
-       RESERVED
+CVE-2022-39225 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
 CVE-2022-39224 (Arr-pm is an RPM reader/writer library written in Ruby. 
Versions prior ...)
        TODO: check
 CVE-2022-39223
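Review bot: the python-jwt description on CVE-2022-39227 is ambiguous at the package level: two distinct upstream projects answer to that name and both install an import module called jwt, and Debian's python3-jwt binary is built from the pyjwt source. Confirm from the full advisory which upstream (davedoesdev's python_jwt or PyJWT) is affected before mapping this to a source package, since a wrong mapping either misses a real issue or raises a false alarm on pyjwt. The Parse Server entry (CVE-2022-39225) is a Node.js backend Debian does not ship and can go to NOT-FOR-US.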
@@ -6691,8 +6721,8 @@ CVE-2022-38575
        RESERVED
 CVE-2022-38574
        RESERVED
-CVE-2022-38573
-       RESERVED
+CVE-2022-38573 (10-Strike Network Inventory Explorer v9.3 was discovered to 
contain a  ...)
+       TODO: check
 CVE-2022-38572
        RESERVED
 CVE-2022-38571 (Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer 
overflow i ...)
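Review bot: CVE-2022-38573 names 10-Strike Network Inventory Explorer, a proprietary Windows network-management tool, so this TODO: check can be closed as NOT-FOR-US: 10-Strike rather than waiting for a later pass.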
@@ -10434,14 +10464,14 @@ CVE-2022-37237 (An attacker can send malicious RTMP 
requests to make the ZLMedia
        NOT-FOR-US: ZLMediaKit
 CVE-2022-37236
        RESERVED
-CVE-2022-37235
-       RESERVED
+CVE-2022-37235 (Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router 
R7000-V1. ...)
+       TODO: check
 CVE-2022-37234 (Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router 
R7000-V1. ...)
        NOT-FOR-US: Netgear
 CVE-2022-37233
        RESERVED
-CVE-2022-37232
-       RESERVED
+CVE-2022-37232 (Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable 
to Buff ...)
+       TODO: check
 CVE-2022-37231
        RESERVED
 CVE-2022-37230
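Review bot: the two new Netgear entries (CVE-2022-37235, CVE-2022-37232) sit directly beside CVE-2022-37234, which is already NOT-FOR-US: Netgear with an identical product string (R7000-V1. ...); give the new ones the same status instead of leaving TODO: check, since these are router firmware issues with no Debian package and the three entries should not diverge.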
@@ -11237,8 +11267,8 @@ CVE-2022-36936
        RESERVED
 CVE-2022-36935
        RESERVED
-CVE-2022-36934
-       RESERVED
+CVE-2022-36934 (An integer overflow in WhatsApp could result in remote code 
execution  ...)
+       TODO: check
 CVE-2022-36933
        RESERVED
 CVE-2022-36932
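Review bot: CVE-2022-36934 is an integer overflow in WhatsApp, proprietary client software Debian does not package; resolve the TODO: check as NOT-FOR-US: WhatsApp.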
@@ -13677,8 +13707,7 @@ CVE-2022-35953 (BookWyrm is a social network for 
tracking your reading, talking
        NOT-FOR-US: BookWyrm
 CVE-2022-35952 (TensorFlow is an open source platform for machine learning. 
The `Unbat ...)
        - tensorflow <itp> (bug #804612)
-CVE-2022-35951 [Fix heap overflow vulnerability in XAUTOCLAIM]
-       RESERVED
+CVE-2022-35951 (Redis is an in-memory database that persists on disk. Versions 
7.0.0 a ...)
        - redis <unfixed> (bug #1020512)
        [bullseye] - redis <not-affected> (Vulnerable code not present)
        [buster] - redis <not-affected> (Vulnerable code not present)
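Review bot: replacing the bracketed working title on CVE-2022-35951 drops the one specific the truncated description does not carry, namely that the heap overflow is in the XAUTOCLAIM command; since the bullseye and buster markings rest on "Vulnerable code not present", keep that detail and the affected range (Versions 7.0.0 a ...) reachable from the entry, for example in a NOTE pointing at the upstream fix, so the reasoning behind the not-affected tags stays auditable. Dropping RESERVED is correct now that the description is published.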
@@ -24301,8 +24330,8 @@ CVE-2022-31939
        RESERVED
 CVE-2022-31938
        RESERVED
-CVE-2022-31937
-       RESERVED
+CVE-2022-31937 (Netgear N300 wireless router wnr2000v4-V1.0.0.70 was 
discovered to con ...)
+       TODO: check
 CVE-2022-31936
        RESERVED
 CVE-2022-31935
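Review bot: CVE-2022-31937 carries the same firmware string (wnr2000v4-V1.0.0.70) as CVE-2022-37232 earlier in this patch; triage the two together and give both the same NOT-FOR-US: Netgear status so the two hunks do not end up with different outcomes for one device.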
@@ -28953,8 +28982,8 @@ CVE-2022-30428 (In ginadmin through 05-10-2022, the 
incoming path value is not f
        NOT-FOR-US: ginadmin
 CVE-2022-30427 (In ginadmin through 05-10-2022 the incoming path value is not 
filtered ...)
        NOT-FOR-US: ginadmin
-CVE-2022-30426
-       RESERVED
+CVE-2022-30426 (There is a stack buffer overflow vulnerability, which could 
lead to ar ...)
+       TODO: check
 CVE-2022-30425 (Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to 
contain a  ...)
        NOT-FOR-US: Tenda
 CVE-2022-30424
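Review bot: the truncated description of CVE-2022-30426 ("There is a stack buffer overflow vulnerability, which could lead to ar ...") names no product, so unlike its ginadmin and Tenda neighbours it cannot be triaged from this line; fetch the full CVE text before deciding, and do not infer Tenda from its position in the file.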
@@ -33283,7 +33312,7 @@ CVE-2022-28981 (Path traversal vulnerability in the 
Hypermedia REST APIs module
        NOT-FOR-US: Liferay
 CVE-2022-28980 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay 
Portal  ...)
        NOT-FOR-US: Liferay
-CVE-2022-28979 (Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP v7.3 
before servi ...)
+CVE-2022-28979 (Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 
before fix pa ...)
        NOT-FOR-US: Liferay
 CVE-2022-28978 (Stored cross-site scripting (XSS) vulnerability in the Site 
module's u ...)
        NOT-FOR-US: Liferay
@@ -44405,7 +44434,7 @@ CVE-2021-41834 (JFrog Artifactory prior to version 
7.28.0 and 6.23.38, is vulner
        NOT-FOR-US: JFrog Artifactory
 CVE-2021-23163 (JFrog Artifactory prior to version 7.33.6 and 6.23.38, is 
vulnerable t ...)
        NOT-FOR-US: JFrog Artifactory
-CVE-2022-25146 (The Remote App module in Liferay Portal through v7.4.3.8 and 
Liferay D ...)
+CVE-2022-25146 (The Remote App module in Liferay Portal Liferay Portal 
v7.4.3.4 throug ...)
        NOT-FOR-US: Liferay
 CVE-2022-25145
        RESERVED
@@ -50124,8 +50153,8 @@ CVE-2022-23460 (Jsonxx or Json++ is a JSON parser, 
writer and reader written in
 CVE-2022-23459 (Jsonxx or Json++ is a JSON parser, writer and reader written 
in C++. I ...)
        TODO: check - numerous jsonxx repositories exist on github
        NOTE: https://github.com/advisories/GHSA-8662-6hf9-cr47
-CVE-2022-23458
-       RESERVED
+CVE-2022-23458 (Toast UI Grid is a component to display and edit data. 
Versions prior  ...)
+       TODO: check
 CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open 
source, web  ...)
        - libowasp-esapi-java 2.4.0.0-1 (bug #1010339)
        [bullseye] - libowasp-esapi-java <no-dsa> (Minor issue)
@@ -71284,8 +71313,8 @@ CVE-2021-41805 (HashiCorp Consul Enterprise before 
1.8.17, 1.9.x before 1.9.11,
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871
 CVE-2021-41804
        RESERVED
-CVE-2021-41803
-       RESERVED
+CVE-2021-41803 (HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not 
properl ...)
+       TODO: check
 CVE-2021-41802 (HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 
allowed a ...)
        NOT-FOR-US: HashiCorp Vault
 CVE-2021-41801 (The ReplaceText extension through 1.41 for MediaWiki has 
Incorrect Acc ...)
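Review bot: CVE-2021-41803 must not be resolved by analogy with the Vault entry below it: Debian ships Consul (source package consul), whereas Vault is NOT-FOR-US. Check the affected range "1.8.1 up to 1.11.8, 1.12.4, and 1.13.1" against the packaged versions and record the HashiCorp advisory as a NOTE, following the CVE-2021-41805 entry above, which links the hcsec discussion post.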
@@ -107098,8 +107127,8 @@ CVE-2021-27776
        RESERVED
 CVE-2021-27775
        RESERVED
-CVE-2021-27774
-       RESERVED
+CVE-2021-27774 (User input included in error response, which could be used in 
a phishi ...)
+       TODO: check
 CVE-2021-27773 (This vulnerability allows users to execute a clickjacking 
attack in th ...)
        NOT-FOR-US: HCL
 CVE-2021-27772 (Users are able to read group conversations without actively 
taking par ...)
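Review bot: the description of CVE-2021-27774 ("User input included in error response, which could be used in a phishi ...") names no vendor or product; the CVE-2021-27773 entry below it is NOT-FOR-US: HCL, which suggests the same vendor ID block but is not evidence. Resolve from the full advisory before applying NOT-FOR-US: HCL.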



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0ae76afa7211269d067adaf9199d618e887d271



debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
