Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f09da58 by security tracker role at 2022-10-13T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2022-42918
+       RESERVED
+CVE-2022-42917
+       RESERVED
+CVE-2022-42916
+       RESERVED
+CVE-2022-42915
+       RESERVED
+CVE-2022-42914
+       RESERVED
+CVE-2022-42913
+       RESERVED
+CVE-2022-42912
+       RESERVED
+CVE-2022-42911
+       RESERVED
+CVE-2022-42910
+       RESERVED
+CVE-2022-42909
+       RESERVED
+CVE-2022-42908
+       RESERVED
+CVE-2022-3499
+       RESERVED
+CVE-2022-3498
+       RESERVED
+CVE-2022-3497
+       RESERVED
+CVE-2022-3496
+       RESERVED
+CVE-2022-3495
+       RESERVED
+CVE-2022-3494
+       RESERVED
+CVE-2022-3493 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2022-3492 (A vulnerability classified as critical was found in 
SourceCodester Hum ...)
+       TODO: check
+CVE-2022-3491
+       RESERVED
+CVE-2022-3490
+       RESERVED
+CVE-2022-3489
+       RESERVED
+CVE-2022-3488
+       RESERVED
+CVE-2022-3487
+       RESERVED
+CVE-2022-3486
+       RESERVED
+CVE-2022-3485
+       RESERVED
+CVE-2022-3484
+       RESERVED
+CVE-2022-3483
+       RESERVED
+CVE-2022-3482
+       RESERVED
+CVE-2022-3481
+       RESERVED
+CVE-2022-3480
+       RESERVED
+CVE-2022-3479
+       RESERVED
 CVE-2022-42907
        RESERVED
 CVE-2022-42905
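Review bot: Of the new entries at the top of the file, only CVE-2022-3493 and CVE-2022-3492 carry a description, and both land as "TODO: check" with nothing a triager can act on from the list alone: the CVE-2022-3493 text is cut at "has been found i ..." before any product name. Suggest pulling the full descriptions before the manual pass and resolving each to a package line or a NOT-FOR-US tag, so the TODO markers do not linger among the surrounding RESERVED stubs.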
@@ -72,8 +136,8 @@ CVE-2022-3463
        RESERVED
 CVE-2022-3462
        RESERVED
-CVE-2022-42889
-       RESERVED
+CVE-2022-42889 (Apache Commons Text performs variable interpolation, allowing 
properti ...)
+       TODO: check
 CVE-2022-42878
        RESERVED
 CVE-2022-42877
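Review bot: CVE-2022-42889 moves from RESERVED to a published description naming Apache Commons Text and its variable interpolation, but the entry is left at "TODO: check" with no package line. Suggest triaging this one ahead of the bulk entries and recording either a source package with fixed version, in the form used for chromium further down ("- chromium 106.0.5249.119-1"), or an explicit NOT-FOR-US.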
@@ -404,26 +468,32 @@ CVE-2022-3451
        RESERVED
 CVE-2022-3450
        RESERVED
+       {DSA-5253-1}
        - chromium 106.0.5249.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3449
        RESERVED
+       {DSA-5253-1}
        - chromium 106.0.5249.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3448
        RESERVED
+       {DSA-5253-1}
        - chromium 106.0.5249.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3447
        RESERVED
+       {DSA-5253-1}
        - chromium 106.0.5249.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3446
        RESERVED
+       {DSA-5253-1}
        - chromium 106.0.5249.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3445
        RESERVED
+       {DSA-5253-1}
        - chromium 106.0.5249.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-42735
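Review bot: The "{DSA-5253-1}" tag is attached to exactly six entries, CVE-2022-3450 down to CVE-2022-3445, each of which still reads RESERVED and so has no description to cross-check against. Suggest confirming that the advisory lists the same six IDs, since the fixed version "chromium 106.0.5249.119-1" and the "[buster] - chromium <end-of-life>" note are the only other data these entries hold.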
@@ -1698,18 +1768,18 @@ CVE-2022-42163
        RESERVED
 CVE-2022-42162
        RESERVED
-CVE-2022-42161
-       RESERVED
-CVE-2022-42160
-       RESERVED
-CVE-2022-42159
-       RESERVED
+CVE-2022-42161 (D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a 
command i ...)
+       TODO: check
+CVE-2022-42160 (D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a 
command i ...)
+       TODO: check
+CVE-2022-42159 (D-Link COVR 1200,1202,1203 v1.08 was discovered to have a 
predictable  ...)
+       TODO: check
 CVE-2022-42158
        RESERVED
 CVE-2022-42157
        RESERVED
-CVE-2022-42156
-       RESERVED
+CVE-2022-42156 (D-Link COVR 1200,1203 v1.08 was discovered to contain a 
command inject ...)
+       TODO: check
 CVE-2022-42155
        RESERVED
 CVE-2022-42154
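Review bot: The four D-Link COVR entries (CVE-2022-42161, CVE-2022-42160, CVE-2022-42159, CVE-2022-42156) arrive as separate "TODO: check" items although they describe the same firmware, v1.08. Suggest resolving them in one pass with one identical tag, the way the file already groups vendor products elsewhere (for example "NOT-FOR-US: SonicWall"), so they cannot end up with diverging annotations.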
@@ -3351,26 +3421,26 @@ CVE-2022-41491
        RESERVED
 CVE-2022-41490
        RESERVED
-CVE-2022-41489
-       RESERVED
+CVE-2022-41489 (WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site 
Request F ...)
+       TODO: check
 CVE-2022-41488
        RESERVED
 CVE-2022-41487
        RESERVED
 CVE-2022-41486
        RESERVED
-CVE-2022-41485
-       RESERVED
-CVE-2022-41484
-       RESERVED
-CVE-2022-41483
-       RESERVED
-CVE-2022-41482
-       RESERVED
-CVE-2022-41481
-       RESERVED
-CVE-2022-41480
-       RESERVED
+CVE-2022-41485 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was 
discovered to  ...)
+       TODO: check
+CVE-2022-41484 (Tenda AC1900 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was 
discovered to  ...)
+       TODO: check
+CVE-2022-41483 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was 
discovered to  ...)
+       TODO: check
+CVE-2022-41482 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was 
discovered to  ...)
+       TODO: check
+CVE-2022-41481 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was 
discovered to  ...)
+       TODO: check
+CVE-2022-41480 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was 
discovered to  ...)
+       TODO: check
 CVE-2022-41479
        RESERVED
 CVE-2022-41478
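Review bot: CVE-2022-41484 names "Tenda AC1900" while the five sibling entries name "Tenda AC1200", all with the same firmware string US_AC6V2.0RTL_V15.03.06.51_multi_TDE01, and every description is truncated at "was discovered to ..." before the actual flaw. Suggest reading the full upstream text before tagging, and using one consistent product name in whatever annotation replaces "TODO: check" for the six Tenda entries.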
@@ -3379,12 +3449,12 @@ CVE-2022-41477
        RESERVED
 CVE-2022-41476
        RESERVED
-CVE-2022-41475
-       RESERVED
-CVE-2022-41474
-       RESERVED
-CVE-2022-41473
-       RESERVED
+CVE-2022-41475 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2022-41474 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2022-41473 (RPCMS v3.0.2 was discovered to contain a reflected cross-site 
scriptin ...)
+       TODO: check
 CVE-2022-41472
        RESERVED
 CVE-2022-41471
@@ -8441,8 +8511,8 @@ CVE-2022-39295
        RESERVED
 CVE-2022-39294
        RESERVED
-CVE-2022-39293
-       RESERVED
+CVE-2022-39293 (Azure RTOS USBX is a high-performance USB host, device, and 
on-the-go  ...)
+       TODO: check
 CVE-2022-39292 (Slack Morphism is a modern client library for Slack Web/Events 
API/Soc ...)
        NOT-FOR-US: Slack Morphism
 CVE-2022-39291 (ZoneMinder is a free, open source Closed-circuit television 
software a ...)
@@ -9517,8 +9587,8 @@ CVE-2022-38904
        RESERVED
 CVE-2022-38903
        RESERVED
-CVE-2022-38902
-       RESERVED
+CVE-2022-38902 (A Cross-site scripting (XSS) vulnerability in the Blog module 
- add ne ...)
+       TODO: check
 CVE-2022-38901
        RESERVED
 CVE-2022-38900
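Review bot: The description brought in for CVE-2022-38902 is cut at "in the Blog module - add ne ..." and never reaches a product name, so the "TODO: check" cannot be resolved from this file. Suggest looking up the full description before triage rather than inferring the product from neighbouring entries, which are all still RESERVED.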
@@ -14404,8 +14474,8 @@ CVE-2022-37210
        RESERVED
 CVE-2022-37209 (JFinal CMS 5.1.0 is affected by: SQL Injection. These 
interfaces do no ...)
        NOT-FOR-US: JFinal CMS
-CVE-2022-37208
-       RESERVED
+CVE-2022-37208 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. These 
interfaces do n ...)
+       TODO: check
 CVE-2022-37207 (JFinal CMS 5.1.0 is affected by: SQL Injection. These 
interfaces do no ...)
        NOT-FOR-US: JFinal CMS
 CVE-2022-37206
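Review bot: CVE-2022-37208 is set to "TODO: check" even though its immediate neighbours CVE-2022-37209 and CVE-2022-37207, with near-identical JFinal CMS 5.1.0 SQL injection descriptions, are already marked "NOT-FOR-US: JFinal CMS". Suggest giving it the same annotation in the next manual commit.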
@@ -19878,10 +19948,10 @@ CVE-2022-35083
        RESERVED
 CVE-2022-35082
        RESERVED
-CVE-2022-35081
-       RESERVED
-CVE-2022-35080
-       RESERVED
+CVE-2022-35081 (SWFTools commit 772e55a2 was discovered to contain a 
heap-buffer overf ...)
+       TODO: check
+CVE-2022-35080 (SWFTools commit 772e55a2 was discovered to contain a 
heap-buffer overf ...)
+       TODO: check
 CVE-2022-35079
        RESERVED
 CVE-2022-35078
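Review bot: CVE-2022-35081 and CVE-2022-35080 identify the affected code only as "SWFTools commit 772e55a2", not as a release. Suggest that whoever resolves the "TODO: check" records how that commit relates to any packaged version in a note line, because a bare version comparison cannot be derived from the description as given.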
@@ -49792,8 +49862,7 @@ CVE-2022-24699
        RESERVED
 CVE-2022-24698
        RESERVED
-CVE-2022-24697
-       RESERVED
+CVE-2022-24697 (Kylin's cube designer function has a command injection 
vulnerability w ...)
        NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2022-0551 (Improper Input Validation vulnerability in project file upload 
in Nozo ...)
        NOT-FOR-US: Nozomi Networks
@@ -88068,7 +88137,7 @@ CVE-2021-36780 (A Improper Access Control vulnerability 
in longhorn of SUSE Long
        NOT-FOR-US: Longhorn
 CVE-2021-36779 (A Improper Access Control vulnerability inf SUSE Longhorn 
allows any w ...)
        NOT-FOR-US: Longhorn
-CVE-2021-36778 (A Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabi ...)
+CVE-2021-36778 (A Incorrect Authorization vulnerability in SUSE Rancher allows 
adminis ...)
        NOT-FOR-US: Rancher
 CVE-2021-36777 (A Reliance on Untrusted Inputs in a Security Decision 
vulnerability in ...)
        NOT-FOR-US: OpenSuSE infrastructure
@@ -100010,7 +100079,7 @@ CVE-2021-31999 (A Reliance on Untrusted Inputs in a 
Security Decision vulnerabil
        NOT-FOR-US: Rancher
 CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging 
of inn  ...)
        - inn2 <not-affected> (SuSE-specific packaging issue)
-CVE-2021-31997 (a UNIX Symbolic Link (Symlink) Following vulnerability in 
python-posto ...)
+CVE-2021-31997 (A UNIX Symbolic Link (Symlink) Following vulnerability in 
python-posto ...)
        - postorius <not-affected> (SuSE-specific packaging issue)
 CVE-2021-31996 (An issue was discovered in the algorithmica crate through 
2021-03-07 f ...)
        NOT-FOR-US: Rust crate algorithmica
@@ -131993,8 +132062,8 @@ CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is 
vulnerable to Java Debug Wire
        NOT-FOR-US: SonicWall
 CVE-2021-20031 (A Host Header Redirection vulnerability in SonicOS potentially 
allows  ...)
        NOT-FOR-US: SonicWall
-CVE-2021-20030
-       RESERVED
+CVE-2021-20030 (SonicWall GMS is vulnerable to file path manipulation 
resulting that a ...)
+       TODO: check
 CVE-2021-20029
        RESERVED
 CVE-2021-20028 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a 
SQL Comma ...)
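Review bot: CVE-2021-20030 goes from RESERVED to "TODO: check" while the two entries directly above it, CVE-2021-20032 and CVE-2021-20031, already carry "NOT-FOR-US: SonicWall". The new description names SonicWall GMS, so suggest closing the TODO with the same vendor tag unless the full text points elsewhere.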
@@ -145199,61 +145268,61 @@ CVE-2020-26868 (ARC Informatique PcVue prior to 
version 12.0.17 is vulnerable to
 CVE-2020-26867 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable 
due to t ...)
        NOT-FOR-US: PcVue
 CVE-2020-26866
-       RESERVED
+       REJECTED
 CVE-2020-26865
-       RESERVED
+       REJECTED
 CVE-2020-26864
-       RESERVED
+       REJECTED
 CVE-2020-26863
-       RESERVED
+       REJECTED
 CVE-2020-26862
-       RESERVED
+       REJECTED
 CVE-2020-26861
-       RESERVED
+       REJECTED
 CVE-2020-26860
-       RESERVED
+       REJECTED
 CVE-2020-26859
-       RESERVED
+       REJECTED
 CVE-2020-26858
-       RESERVED
+       REJECTED
 CVE-2020-26857
-       RESERVED
+       REJECTED
 CVE-2020-26856
-       RESERVED
+       REJECTED
 CVE-2020-26855
-       RESERVED
+       REJECTED
 CVE-2020-26854
-       RESERVED
+       REJECTED
 CVE-2020-26853
-       RESERVED
+       REJECTED
 CVE-2020-26852
-       RESERVED
+       REJECTED
 CVE-2020-26851
-       RESERVED
+       REJECTED
 CVE-2020-26850
-       RESERVED
+       REJECTED
 CVE-2020-26849
-       RESERVED
+       REJECTED
 CVE-2020-26848
-       RESERVED
+       REJECTED
 CVE-2020-26847
-       RESERVED
+       REJECTED
 CVE-2020-26846
-       RESERVED
+       REJECTED
 CVE-2020-26845
-       RESERVED
+       REJECTED
 CVE-2020-26844
-       RESERVED
+       REJECTED
 CVE-2020-26843
-       RESERVED
+       REJECTED
 CVE-2020-26842
-       RESERVED
+       REJECTED
 CVE-2020-26841
-       RESERVED
+       REJECTED
 CVE-2020-26840
-       RESERVED
+       REJECTED
 CVE-2020-26839
-       RESERVED
+       REJECTED
 CVE-2020-26838 (SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 
750, 751,  ...)
        NOT-FOR-US: SAP
 CVE-2020-26837 (SAP Solution Manager 7.2 (User Experience Monitoring), version 
- 7.2,  ...)
@@ -210941,7 +211010,7 @@ CVE-2019-18908
        RESERVED
 CVE-2019-18907
        RESERVED
-CVE-2019-18906 (A Use of Password Hash Instead of Password for Authentication 
vulnerab ...)
+CVE-2019-18906 (A Improper Authentication vulnerability in cryptctl of SUSE 
Linux Ente ...)
        NOT-FOR-US: SAP
 CVE-2019-18905 (A Insufficient Verification of Data Authenticity vulnerability 
in auto ...)
        NOT-FOR-US: autoyast2
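Review bot: The unchanged annotation "NOT-FOR-US: SAP" under CVE-2019-18906 does not match the description this hunk brings in, which names cryptctl of SUSE Linux Ente ... and no SAP product. The automatic update only rewrites the description line, so suggest a manual follow-up that corrects the tag to name cryptctl.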
@@ -274274,7 +274343,7 @@ CVE-2018-17956 (In yast2-samba-provision up to and 
including version 1.0.1 the p
        NOT-FOR-US: yast2-samba-provision
 CVE-2018-17955 (In yast2-multipath before version 4.1.1 a static temporary 
filename al ...)
        NOT-FOR-US: yast2-multipath
-CVE-2018-17954 (A Least Privilege Violation vulnerability in crowbar of SUSE 
OpenStack ...)
+CVE-2018-17954 (An Improper Privilege Management in crowbar of SUSE OpenStack 
Cloud 7, ...)
        NOT-FOR-US: crowbar
 CVE-2018-17953 (A incorrect variable in a SUSE specific patch for pam_access 
rule matc ...)
        - pam <not-affected> (Issue introduced by SUSE specific patch)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f09da587a161cdc9a9014b5645a697cf1380053
