Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73bc5f38 by security tracker role at 2022-09-30T08:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,88 @@
-CVE-2022-41850 [HID: roccat: Fix Use-After-Free in roccat_read]
+CVE-2022-41847 (An issue was discovered in Bento4 1.6.0-639. A memory leak 
exists in A ...)
+       TODO: check
+CVE-2022-41846 (An issue was discovered in Bento4 1.6.0-639. There ie 
excessive memory ...)
+       TODO: check
+CVE-2022-41845 (An issue was discovered in Bento4 1.6.0-639. There ie 
excessive memory ...)
+       TODO: check
+CVE-2022-41844 (An issue was discovered in Xpdf 4.04. There is a crash in 
XRef::fetch( ...)
+       TODO: check
+CVE-2022-41843 (An issue was discovered in Xpdf 4.04. There is a crash in 
convertToTyp ...)
+       TODO: check
+CVE-2022-41842 (An issue was discovered in Xpdf 4.04. There is a crash in 
gfseek(_IO_F ...)
+       TODO: check
+CVE-2022-41841 (An issue was discovered in Bento4 through 1.6.0-639. A NULL 
pointer de ...)
+       TODO: check
+CVE-2022-41829
+       RESERVED
+CVE-2022-41828 (In Amazon AWS Redshift JDBC Driver (aka 
amazon-redshift-jdbc-driver or ...)
+       TODO: check
+CVE-2022-41827
+       RESERVED
+CVE-2022-41826
+       RESERVED
+CVE-2022-41825
+       RESERVED
+CVE-2022-41824
+       RESERVED
+CVE-2022-41823
+       RESERVED
+CVE-2022-41822
+       RESERVED
+CVE-2022-41821
+       RESERVED
+CVE-2022-41820
+       RESERVED
+CVE-2022-41819
+       RESERVED
+CVE-2022-41818
+       RESERVED
+CVE-2022-41817
+       RESERVED
+CVE-2022-41816
+       RESERVED
+CVE-2022-41815
+       RESERVED
+CVE-2022-41804
+       RESERVED
+CVE-2022-41803
+       RESERVED
+CVE-2022-41801
+       RESERVED
+CVE-2022-41799
+       RESERVED
+CVE-2022-41782
+       RESERVED
+CVE-2022-41771
+       RESERVED
+CVE-2022-41769
+       RESERVED
+CVE-2022-41699
+       RESERVED
+CVE-2022-41621
+       RESERVED
+CVE-2022-40972
+       RESERVED
+CVE-2022-38973
+       RESERVED
+CVE-2022-3367
+       RESERVED
+CVE-2022-3366
+       RESERVED
+CVE-2022-3365
+       RESERVED
+CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub 
reposit ...)
+       TODO: check
+CVE-2022-3363
+       RESERVED
+CVE-2022-3362
+       RESERVED
+CVE-2022-41850 (roccat_report_event in drivers/hid/hid-roccat.c in the Linux 
kernel th ...)
        - linux <unfixed>
        NOTE: https://lore.kernel.org/all/20220904193115.GA28134@ubuntu/t/#u
-CVE-2022-41849 [video: fbdev: smscufx: Fix use-after-free in ufx_ops_open()]
+CVE-2022-41849 (drivers/video/fbdev/smscufx.c in the Linux kernel through 
5.19.12 has  ...)
        - linux <unfixed>
        NOTE: https://lore.kernel.org/all/20220925133243.GA383897@ubuntu/T/
-CVE-2022-41848 [char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops]
+CVE-2022-41848 (drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 
5.19.12  ...)
        - linux <unfixed>
        NOTE: 
https://lore.kernel.org/lkml/20220919040251.GA302541@ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270
 CVE-2022-41812
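Review bot: the three Linux entries at the end of the hunk (CVE-2022-41850, CVE-2022-41849, CVE-2022-41848) keep `- linux <unfixed>` and only reference lore.kernel.org threads; once the fix commits are merged upstream, the NOTE should cite the git.kernel.org commit with the release in parentheses, as CVE-2021-4157 does further down in this diff, so that the fixed version can be filled in. The seven new Bento4 and Xpdf entries at the top of the hunk (CVE-2022-41841 through CVE-2022-41847) are all left at `TODO: check` even though the descriptions name exact affected versions (Bento4 1.6.0-639, Xpdf 4.04); triage should replace each TODO with a Debian source and version or a NOT-FOR-US line rather than carry the placeholder.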
@@ -6031,8 +6109,8 @@ CVE-2022-39234
        RESERVED
 CVE-2022-39233
        RESERVED
-CVE-2022-39232
-       RESERVED
+CVE-2022-39232 (Discourse is an open source discussion platform. Starting with 
version ...)
+       TODO: check
 CVE-2022-39231 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        TODO: check
 CVE-2022-39230 (fhir-works-on-aws-authz-smart is an implementation of the 
authorizatio ...)
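Review bot: the `TODO: check` left on CVE-2022-39232 should be resolved at triage rather than carried; if Discourse is not a Debian source package, `NOT-FOR-US: Discourse` is the right resolution, matching how CVE-2022-39225 (Parse Server) is recorded in the next hunk. The same applies to the other Discourse entries in this commit: CVE-2022-39226, CVE-2022-36068 and CVE-2022-36066.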
@@ -6043,8 +6121,8 @@ CVE-2022-39228
        RESERVED
 CVE-2022-39227 (python-jwt is a module for generating and verifying JSON Web 
Tokens. V ...)
        NOT-FOR-US: python-jwt (not the same as src:pyjwt)
-CVE-2022-39226
-       RESERVED
+CVE-2022-39226 (Discourse is an open source discussion platform. In versions 
prior to  ...)
+       TODO: check
 CVE-2022-39225 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Node parse-server
 CVE-2022-39224 (Arr-pm is an RPM reader/writer library written in Ruby. 
Versions prior ...)
@@ -8164,8 +8242,8 @@ CVE-2022-38487
        RESERVED
 CVE-2022-38486
        RESERVED
-CVE-2022-2922
-       RESERVED
+CVE-2022-2922 (Relative Path Traversal in GitHub repository 
dnnsoftware/dnn.platform  ...)
+       TODO: check
 CVE-2022-2921 (Exposure of Private Personal Information to an Unauthorized 
Actor in G ...)
        NOT-FOR-US: NotrinosERP
 CVE-2022-38485
@@ -9291,8 +9369,8 @@ CVE-2022-2780
        RESERVED
 CVE-2022-2779 (A vulnerability classified as critical was found in 
SourceCodester Gas ...)
        NOT-FOR-US: SourceCodester Gas Agency Management System
-CVE-2022-2778
-       RESERVED
+CVE-2022-2778 (In affected versions of Octopus Deploy it is possible to bypass 
rate l ...)
+       TODO: check
 CVE-2022-2777 (Cross-site Scripting (XSS) - Stored in GitHub repository 
microweber/mi ...)
        NOT-FOR-US: microweber
 CVE-2022-2776 (A vulnerability classified as problematic has been found in 
SourceCode ...)
@@ -14706,12 +14784,12 @@ CVE-2022-36070 (Poetry is a dependency manager for 
Python. To handle dependencie
 CVE-2022-36069 (Poetry is a dependency manager for Python. When handling 
dependencies  ...)
        NOTE: 
https://github.com/python-poetry/poetry/security/advisories/GHSA-9xgj-fcgf-x6mw
        TODO: check details, CVE associated with poetry (and fixed in 1.1.9), 
though changes in poetry-core
-CVE-2022-36068
-       RESERVED
+CVE-2022-36068 (Discourse is an open source discussion platform. In versions 
prior to  ...)
+       TODO: check
 CVE-2022-36067 (vm2 is a sandbox that can run untrusted code with whitelisted 
Node's b ...)
        NOT-FOR-US: Node vm2
-CVE-2022-36066
-       RESERVED
+CVE-2022-36066 (Discourse is an open source discussion platform. In versions 
prior to  ...)
+       TODO: check
 CVE-2022-36065 (GrowthBook is an open-source platform for feature flagging and 
A/B tes ...)
        NOT-FOR-US: GrowthBook
 CVE-2022-36064 (Shescape is a shell escape package for JavaScript. An 
Inefficient Regu ...)
@@ -43527,8 +43605,8 @@ CVE-2022-24376 (All versions of package git-promise are 
vulnerable to Command In
        NOT-FOR-US: Node git-promise
 CVE-2022-24375 (The package node-opcua before 2.74.0 are vulnerable to Denial 
of Servi ...)
        NOT-FOR-US: node-opcua/node-opcua
-CVE-2022-24373
-       RESERVED
+CVE-2022-24373 (The package react-native-reanimated before 3.0.0-rc.1 are 
vulnerable t ...)
+       TODO: check
 CVE-2022-24298 (All versions of package freeopcua/freeopcua are vulnerable to 
Denial o ...)
        NOT-FOR-US: FreeOpcUa/freeopcua
 CVE-2022-24279 (The package madlib-object-utils before 0.1.8 are vulnerable to 
Prototy ...)
@@ -43594,8 +43672,8 @@ CVE-2022-21227 (The package sqlite3 before 5.0.3 are 
vulnerable to Denial of Ser
        NOTE: https://security.snyk.io/vuln/SNYK-JS-SQLITE3-2388645
 CVE-2022-21223 (The package cocoapods-downloader before 1.6.2 are vulnerable 
to Comman ...)
        NOT-FOR-US: cocoapods-downloader
-CVE-2022-21222
-       RESERVED
+CVE-2022-21222 (The package css-what before 2.1.3 are vulnerable to Regular 
Expression ...)
+       TODO: check
 CVE-2022-21221 (The package github.com/valyala/fasthttp before 1.34.0 are 
vulnerable t ...)
        NOT-FOR-US: github.com/valyala/fasthttp
 CVE-2022-21213 (This affects all versions of package mout. The deepFillIn 
function can ...)
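Review bot: CVE-2022-21222 should not be assumed NOT-FOR-US merely because the neighbouring cocoapods-downloader and fasthttp entries are; the description gives a concrete version bound ("css-what before 2.1.3"), so the check is whether any Debian source ships or bundles css-what below that version, and the resolution should record the fixed version rather than a bare `TODO: check`.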
@@ -57850,7 +57928,7 @@ CVE-2021-4157 (An out of memory bounds write flaw (1 or 
2 bytes of memory) in th
        [stretch] - linux 4.9.272-1
        NOTE: 
https://git.kernel.org/linus/ed34695e15aba74f45247f1ee2cf7e09d449f925 (5.13-rc1)
 CVE-2021-4156 (An out-of-bounds read flaw was found in libsndfile's FLAC codec 
functi ...)
-       {DLA-3058-1}
+       {DLA-3126-1 DLA-3058-1}
        - libsndfile 1.1.0-1 (bug #1014713)
        [bullseye] - libsndfile <no-dsa> (Minor issue)
        NOTE: https://github.com/libsndfile/libsndfile/issues/731
@@ -133094,6 +133172,7 @@ CVE-2020-29262
 CVE-2020-29261
        RESERVED
 CVE-2020-29260 (libvncclient v0.9.13 was discovered to contain a memory leak 
via the f ...)
+       {DLA-3125-1}
        - libvncserver <unfixed> (bug #1019228)
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/bef41f6ec4097a8ee094f90a1b34a708fbd757ec
 CVE-2020-29259 (Cross-site scripting (XSS) vulnerability in Online Examination 
System  ...)
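Review bot: adding `{DLA-3125-1}` to CVE-2020-29260 while the source line still reads `- libvncserver <unfixed> (bug #1019228)` leaves the entry showing a fixed LTS suite next to an open unstable bug; that is acceptable for an LTS-first upload, but the `<unfixed>` state should be revisited so the entry does not stay in that shape indefinitely, and the NOTE already points at the upstream commit that the unstable upload would need to carry.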
@@ -145237,7 +145316,7 @@ CVE-2020-25712 (A flaw was found in xorg-x11-server 
before 1.20.10. A heap-buffe
 CVE-2020-25711 (A flaw was found in infinispan 10 REST API, where 
authorization permis ...)
        NOT-FOR-US: Infinispan
 CVE-2020-25708 (A divide by zero issue was found to occur in 
libvncserver-0.9.12. A ma ...)
-       {DLA-2451-1}
+       {DLA-3125-1 DLA-2451-1}
        - libvncserver 0.9.13+dfsg-1
        NOTE: https://github.com/LibVNC/libvncserver/issues/409
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/673c07a75ed844d74676f3ccdcfdc706a7052dba



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73bc5f38146821b42826262b32d1e5969b746fcb



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
