Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
123fdc15 by security tracker role at 2022-10-13T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,26 @@
-CVE-2022-42906
+CVE-2022-42907
+       RESERVED
+CVE-2022-42905
+       RESERVED
+CVE-2022-42904
+       RESERVED
+CVE-2022-42903
+       RESERVED
+CVE-2022-42902 (In Linaro Automated Validation Architecture (LAVA) before 
2022.10, the ...)
+       TODO: check
+CVE-2022-42901 (Bentley MicroStation and MicroStation-based applications may 
be affect ...)
+       TODO: check
+CVE-2022-42900 (Bentley MicroStation and MicroStation-based applications may 
be affect ...)
+       TODO: check
+CVE-2022-42899 (Bentley MicroStation and MicroStation-based applications may 
be affect ...)
+       TODO: check
+CVE-2022-42898
+       RESERVED
+CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows 
unauthe ...)
+       TODO: check
+CVE-2022-3478
+       RESERVED
+CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 
allows arbi ...)
        - powerline-gitstatus <unfixed>
        NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45
        NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/pull/46
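Review bot: The "TODO: check" entries at the top of this hunk do not all resolve the same way. CVE-2022-42899 to CVE-2022-42901 (Bentley MicroStation) and CVE-2022-42897 (Array Networks AG/vxAG) describe vendor products and are candidates for a "NOT-FOR-US:" line, while CVE-2022-42902 (LAVA) needs a source package lookup before it is closed. CVE-2022-42906 keeps its "- powerline-gitstatus <unfixed>" line and both NOTE links after gaining its description, which is what we want.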
@@ -24,14 +46,14 @@ CVE-2022-3475
        RESERVED
 CVE-2022-3474
        RESERVED
-CVE-2022-3473
-       RESERVED
-CVE-2022-3472
-       RESERVED
-CVE-2022-3471
-       RESERVED
-CVE-2022-3470
-       RESERVED
+CVE-2022-3473 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+       TODO: check
+CVE-2022-3472 (A vulnerability was found in SourceCodester Human Resource 
Management  ...)
+       TODO: check
+CVE-2022-3471 (A vulnerability was found in SourceCodester Human Resource 
Management  ...)
+       TODO: check
+CVE-2022-3470 (A vulnerability was found in SourceCodester Human Resource 
Management  ...)
+       TODO: check
 CVE-2022-3469
        RESERVED
 CVE-2022-3468
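Review bot: The summary for CVE-2022-3473 is cut inside the product name ("SourceCodeste ..."), so its "TODO: check" cannot be resolved from this line; read the full CVE description before choosing a status. CVE-2022-3470 to CVE-2022-3472 all name SourceCodester Human Resource Management and can be triaged together with one decision.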
@@ -3606,14 +3628,14 @@ CVE-2022-41353
        RESERVED
 CVE-2022-41352 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 
and 9.0.  ...)
        NOT-FOR-US: Zimbra
-CVE-2022-41351
-       RESERVED
-CVE-2022-41350
-       RESERVED
-CVE-2022-41349
-       RESERVED
-CVE-2022-41348
-       RESERVED
+CVE-2022-41351 (In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL 
/h/calendar, on ...)
+       TODO: check
+CVE-2022-41350 (In Zimbra Collaboration Suite (ZCS) 8.8.15, 
/h/search?action=voicemail ...)
+       TODO: check
+CVE-2022-41349 (In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at 
/h/compose acce ...)
+       TODO: check
+CVE-2022-41348 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS 
can occ ...)
+       TODO: check
 CVE-2022-41347 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x 
and 9.x (e ...)
        NOT-FOR-US: Zimbra
 CVE-2022-41346
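Review bot: CVE-2022-41348 to CVE-2022-41351 are left at "TODO: check" although the entries directly above and below them in this hunk, CVE-2022-41352 and CVE-2022-41347, already carry "NOT-FOR-US: Zimbra". All four new summaries name Zimbra Collaboration, so they should get the same line for consistency.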
@@ -3733,8 +3755,8 @@ CVE-2022-41320 (Veritas System Recovery (VSR) versions 18 
and 21 store a network
        NOT-FOR-US: Veritas System Recovery (VSR)
 CVE-2022-41319 (A Reflected Cross-Site Scripting (XSS) vulnerability affects 
the Verit ...)
        NOT-FOR-US: Veritas
-CVE-2022-41316
-       RESERVED
+CVE-2022-41316 (HashiCorp Vault and Vault Enterprise&#8217;s TLS certificate 
auth meth ...)
+       TODO: check
 CVE-2022-3281
        RESERVED
 CVE-2022-3280
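Review bot: The new summary for CVE-2022-41316 contains a raw HTML entity ("Enterprise&#8217;s") where an apostrophe is meant; check whether the import step should decode entities before writing the description. On triage, CVE-2022-40186 elsewhere in this same commit is marked "NOT-FOR-US: HashiCorp Vault and Vault Enterprise", so this entry should match it rather than stay at "TODO: check".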
@@ -6150,8 +6172,7 @@ CVE-2022-3172
        - kubernetes 1.20.5+really1.20.2-1
        NOTE: Server components no longer built since 1.20.5+really1.20.2-1, 
marking that as fixed version
        NOTE: The source package itself it still vulnerable, but custom 
rebuilds are not really a usecase here
-CVE-2022-3171 [potential denial of service issue in the Java Protobuf runtime]
-       RESERVED
+CVE-2022-3171 (A parsing issue with binary data in protobuf-java core and lite 
versio ...)
        [experimental] - protobuf 3.21.7-1
        - protobuf <unfixed>
        NOTE: 
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
@@ -6430,8 +6451,8 @@ CVE-2022-40188 (Knot Resolver before 5.5.3 allows remote 
attackers to cause a de
        [bullseye] - knot-resolver <no-dsa> (Minor issue)
        NOTE: 
https://github.com/CZ-NIC/knot-resolver/commit/f6577a20e493c7fbdac124d7544bf1846b084185
 (v5.5.3)
        NOTE: https://www.knot-resolver.cz/2022-09-21-knot-resolver-5.5.3.html
-CVE-2022-40187
-       RESERVED
+CVE-2022-40187 (Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target 
Communicati ...)
+       TODO: check
 CVE-2022-40186 (An issue was discovered in HashiCorp Vault and Vault 
Enterprise before ...)
        NOT-FOR-US: HashiCorp Vault and Vault Enterprise
 CVE-2022-40185
@@ -8405,12 +8426,12 @@ CVE-2022-39301
        RESERVED
 CVE-2022-39300
        RESERVED
-CVE-2022-39299
-       RESERVED
-CVE-2022-39298
-       RESERVED
-CVE-2022-39297
-       RESERVED
+CVE-2022-39299 (Passport-SAML is a SAML 2.0 authentication provider for 
Passport, the  ...)
+       TODO: check
+CVE-2022-39298 (MelisFront is the engine that displays website hosted on Melis 
Platfor ...)
+       TODO: check
+CVE-2022-39297 (MelisCms provides a full CMS for Melis Platform, including 
templating  ...)
+       TODO: check
 CVE-2022-39296 (MelisAssetManager provides deliveries of Melis Platform's 
assets locat ...)
        NOT-FOR-US: MelisAssetManager
 CVE-2022-39295
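Review bot: CVE-2022-39298 (MelisFront) and CVE-2022-39297 (MelisCms) sit directly above CVE-2022-39296, which is already "NOT-FOR-US: MelisAssetManager", so they should be closed the same way with their own component names. CVE-2022-39299 (Passport-SAML) is a different case in the same hunk: it is a library, so it needs a package lookup instead of being closed along with the Melis entries.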
@@ -8453,10 +8474,10 @@ CVE-2022-39285 (ZoneMinder is a free, open source 
Closed-circuit television soft
        NOTE: NOTE: Only supported for trusted users/behind auth, see 
README.debian.security
 CVE-2022-39284 (CodeIgniter is a PHP full-stack web framework. In versions 
prior to 4. ...)
        - codeigniter <itp> (bug #471583)
-CVE-2022-39283
-       RESERVED
-CVE-2022-39282
-       RESERVED
+CVE-2022-39283 (FreeRDP is a free remote desktop protocol library and clients. 
All Fre ...)
+       TODO: check
+CVE-2022-39282 (FreeRDP is a free remote desktop protocol library and clients. 
FreeRDP ...)
+       TODO: check
 CVE-2022-39281 (fat_free_crm is a an open source, Ruby on Rails customer 
relationship  ...)
        NOT-FOR-US: fat_free_crm
 CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in 
versions bef ...)
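Review bot: CVE-2022-39283 and CVE-2022-39282 should not be bulk-closed with the vendor-product entries in this commit. The summaries describe FreeRDP as a free library and clients, so resolving the "TODO: check" here means adding a source package line with a fixed version or "<unfixed>", in the same form as the "- codeigniter <itp> (bug #471583)" line just above them.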
@@ -11382,8 +11403,8 @@ CVE-2022-38363
        RESERVED
 CVE-2022-2829 (Cross-site Scripting (XSS) - Stored in GitHub repository 
yetiforcecomp ...)
        NOT-FOR-US: yetiforcecrm
-CVE-2022-2828
-       RESERVED
+CVE-2022-2828 (In affected versions of Octopus Server it is possible to reveal 
inform ...)
+       TODO: check
 CVE-2022-2827
        RESERVED
 CVE-2022-2826
@@ -13239,8 +13260,8 @@ CVE-2022-37603
        RESERVED
 CVE-2022-37602
        RESERVED
-CVE-2022-37601
-       RESERVED
+CVE-2022-37601 (Prototype pollution vulnerability in function parseQuery in 
parseQuery ...)
+       TODO: check
 CVE-2022-37600
        RESERVED
 CVE-2022-37599 (A Regular expression denial of service (ReDoS) flaw was found 
in Funct ...)
@@ -21895,10 +21916,10 @@ CVE-2022-34393
        RESERVED
 CVE-2022-34392
        RESERVED
-CVE-2022-34391
-       RESERVED
-CVE-2022-34390
-       RESERVED
+CVE-2022-34391 (Dell Client BIOS Versions prior to the remediated version 
contain an i ...)
+       TODO: check
+CVE-2022-34390 (Dell BIOS contains a use of uninitialized variable 
vulnerability. A lo ...)
+       TODO: check
 CVE-2022-34389
        RESERVED
 CVE-2022-34388
@@ -22855,8 +22876,8 @@ CVE-2022-34022
        RESERVED
 CVE-2022-34021
        RESERVED
-CVE-2022-34020
-       RESERVED
+CVE-2022-34020 (Cross Site Request Forgery (CSRF) vulnerability in ResIOT 
ResIOT IOT P ...)
+       TODO: check
 CVE-2022-34019
        RESERVED
 CVE-2022-34018
@@ -23257,8 +23278,8 @@ CVE-2014-125003 (A vulnerability was found in FFmpeg 
2.0 and classified as probl
 CVE-2014-125002 (A vulnerability was found in FFmpeg 2.0. It has been 
classified as pro ...)
        - ffmpeg <not-affected> (Fixed before re-introduction to Debian as 
src:ffmpeg)
        NOTE: Fixed by: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1caaa1c61310beba705957e6366f0392a0b005b
 (n2.2-rc1)
-CVE-2022-33937
-       RESERVED
+CVE-2022-33937 (Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal 
Vulnerabil ...)
+       TODO: check
 CVE-2022-33936 (Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE 
vulnerab ...)
        NOT-FOR-US: EMC
 CVE-2022-33935 (Dell EMC Data Protection Advisor versions 19.6 and earlier, 
contains a ...)
@@ -23287,16 +23308,16 @@ CVE-2022-33924 (Dell Wyse Management Suite 3.6.1 and 
below contains an Improper
        NOT-FOR-US: Dell Wyse Management Suite
 CVE-2022-33923 (Dell PowerStore, versions prior to 3.0.0.0, contains an OS 
Command Inj ...)
        NOT-FOR-US: Dell
-CVE-2022-33922
-       RESERVED
-CVE-2022-33921
-       RESERVED
-CVE-2022-33920
-       RESERVED
-CVE-2022-33919
-       RESERVED
-CVE-2022-33918
-       RESERVED
+CVE-2022-33922 (Dell GeoDrive, versions prior to 2.2, contains Insecure File 
and Folde ...)
+       TODO: check
+CVE-2022-33921 (Dell GeoDrive, versions prior to 2.2, contains Multiple DLL 
Hijacking  ...)
+       TODO: check
+CVE-2022-33920 (Dell GeoDrive, versions prior to 2.2, contains an Unquoted 
File Path v ...)
+       TODO: check
+CVE-2022-33919 (Dell GeoDrive, versions 2.1 - 2.2, contains an information 
disclosure  ...)
+       TODO: check
+CVE-2022-33918 (Dell GeoDrive, Versions 2.1 - 2.2, contains an information 
disclosure  ...)
+       TODO: check
 CVE-2022-33917 (An issue was discovered in the Arm Mali GPU Kernel Driver 
(Valhall r29 ...)
        NOT-FOR-US: ARM Mali
 CVE-2022-2117 (The GiveWP plugin for WordPress is vulnerable to Sensitive 
Information ...)
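Review bot: The five Dell GeoDrive entries (CVE-2022-33918 to CVE-2022-33922) are left at "TODO: check" while the entry immediately above them, CVE-2022-33923, is "NOT-FOR-US: Dell". They name one product and can be closed with a single consistent "NOT-FOR-US:" line each.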
@@ -26660,28 +26681,28 @@ CVE-2022-32495
        RESERVED
 CVE-2022-32494
        RESERVED
-CVE-2022-32493
-       RESERVED
+CVE-2022-32493 (Dell BIOS contains an Stack-Based Buffer Overflow 
vulnerability. A loc ...)
+       TODO: check
 CVE-2022-32492 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
        NOT-FOR-US: Dell
-CVE-2022-32491
-       RESERVED
+CVE-2022-32491 (Dell Client BIOS contains a Buffer Overflow vulnerability. A 
local aut ...)
+       TODO: check
 CVE-2022-32490
        RESERVED
-CVE-2022-32489
-       RESERVED
-CVE-2022-32488
-       RESERVED
-CVE-2022-32487
-       RESERVED
+CVE-2022-32489 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
+       TODO: check
+CVE-2022-32488 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
+       TODO: check
+CVE-2022-32487 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
+       TODO: check
 CVE-2022-32486 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
        NOT-FOR-US: Dell
-CVE-2022-32485
-       RESERVED
-CVE-2022-32484
-       RESERVED
-CVE-2022-32483
-       RESERVED
+CVE-2022-32485 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
+       TODO: check
+CVE-2022-32484 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
+       TODO: check
+CVE-2022-32483 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
+       TODO: check
 CVE-2022-32482
        RESERVED
 CVE-2022-32481 (Dell PowerProtect Cyber Recovery, versions prior to 19.11, 
contain a p ...)
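Review bot: Six of the new entries in this hunk (CVE-2022-32489, -32488, -32487, -32485, -32484, -32483) have a summary identical to CVE-2022-32492 and CVE-2022-32486, which are interleaved with them and already marked "NOT-FOR-US: Dell". Leaving them at "TODO: check" makes the block inconsistent; apply the same line, and likewise to the two buffer overflow entries CVE-2022-32493 and CVE-2022-32491.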
@@ -30421,8 +30442,8 @@ CVE-2022-31230 (Dell PowerScale OneFS, versions 
8.2.x-9.2.x, contain broken or r
        NOT-FOR-US: Dell
 CVE-2022-31229 (Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error 
message ...)
        NOT-FOR-US: Dell
-CVE-2022-31228
-       RESERVED
+CVE-2022-31228 (Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a 
bruteforce vu ...)
+       TODO: check
 CVE-2022-31227
        RESERVED
 CVE-2022-31226 (Dell BIOS versions contain a Stack-based Buffer Overflow 
vulnerability ...)
@@ -89032,8 +89053,8 @@ CVE-2021-36370 (An issue was discovered in Midnight 
Commander through 4.8.26. Wh
        [buster] - mc <no-dsa> (Minor issue)
        [stretch] - mc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/MidnightCommander/mc/commit/9235d3c232d13ad7f973346077c9cf2eaa77dc5f
-CVE-2021-36369
-       RESERVED
+CVE-2021-36369 (An issue was discovered in Dropbear through 2020.81. Due to a 
non-RFC- ...)
+       TODO: check
 CVE-2021-36368 (** DISPUTED ** An issue was discovered in OpenSSH before 8.9. 
If a cli ...)
        - openssh 1:8.9p1-1 (unimportant)
        NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=3316
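Review bot: CVE-2021-36369 is a 2021 identifier that was RESERVED until this commit and affects Dropbear "through 2020.81", so resolving its "TODO: check" needs a package line plus per-release status, as the neighbouring mc entry does with "[buster] - mc <no-dsa> (Minor issue)". The truncated summary ("Due to a non-RFC- ...") is not enough to judge severity; read the full description first.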
@@ -272766,10 +272787,10 @@ CVE-2018-18449 (EmpireCMS 7.5 allows CSRF for 
adding a user account via an enews
        NOT-FOR-US: EmpireCMS
 CVE-2018-18448
        RESERVED
-CVE-2018-18447
-       RESERVED
-CVE-2018-18446
-       RESERVED
+CVE-2018-18447 (dotPDN Paint.NET before 4.1.2 allows Deserialization of 
Untrusted Data ...)
+       TODO: check
+CVE-2018-18446 (dotPDN Paint.NET before 4.1.2 allows Deserialization of 
Untrusted Data ...)
+       TODO: check
 CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an 
out-of-bound ...)
        {DSA-4755-1 DLA-2358-1}
        - openexr 2.5.3-2 (unimportant)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/123fdc15401f38055b4cde85f4e4a4744be8ea2c
