Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e597bf16 by security tracker role at 2022-10-14T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2022-42919
+       RESERVED
+CVE-2022-3503
+       RESERVED
+CVE-2022-3502
+       RESERVED
+CVE-2022-3501
+       RESERVED
+CVE-2022-3500
+       RESERVED
 CVE-2022-42918
        RESERVED
 CVE-2022-42917
@@ -24,12 +34,12 @@ CVE-2022-3499
        RESERVED
 CVE-2022-3498
        RESERVED
-CVE-2022-3497
-       RESERVED
-CVE-2022-3496
-       RESERVED
-CVE-2022-3495
-       RESERVED
+CVE-2022-3497 (A vulnerability was found in SourceCodester Human Resource 
Management  ...)
+       TODO: check
+CVE-2022-3496 (A vulnerability was found in SourceCodester Human Resource 
Management  ...)
+       TODO: check
+CVE-2022-3495 (A vulnerability has been found in SourceCodester Simple Online 
Public  ...)
+       TODO: check
 CVE-2022-3494
        RESERVED
 CVE-2022-3493 (A vulnerability, which was classified as problematic, has been 
found i ...)
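Review bot: the three new SourceCodester entries (CVE-2022-3497, CVE-2022-3496, CVE-2022-3495) are left as "TODO: check", while elsewhere in this file SourceCodester web applications are resolved as NOT-FOR-US (CVE-2022-2779 carries "NOT-FOR-US: SourceCodester Gas Agency Management System"); when triaging these, confirm no Debian package exists and tag them the same way, using the full product name from the CVE description rather than the truncated text shown here.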
@@ -354,10 +364,10 @@ CVE-2022-42785
        RESERVED
 CVE-2022-42784
        RESERVED
-CVE-2022-3457
-       RESERVED
-CVE-2022-3456
-       RESERVED
+CVE-2022-3457 (Origin Validation Error in GitHub repository ikus060/rdiffweb 
prior to ...)
+       TODO: check
+CVE-2022-3456 (Allocation of Resources Without Limits or Throttling in GitHub 
reposit ...)
+       TODO: check
 CVE-2022-3455
        RESERVED
 CVE-2022-3454
@@ -536,26 +546,22 @@ CVE-2022-42724 (app/Controller/UsersController.php in 
MISP before 2.4.164 allows
        NOT-FOR-US: MISP
 CVE-2022-42723
        RESERVED
-CVE-2022-42722
-       RESERVED
+CVE-2022-42722 (In the Linux kernel 5.8 through 5.19.14, local attackers able 
to injec ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
        NOTE: 
https://lore.kernel.org/netdev/[email protected]/T/#u
-CVE-2022-42721
-       RESERVED
+CVE-2022-42721 (A list management bug in BSS handling in the mac80211 stack in 
the Lin ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
        NOTE: 
https://lore.kernel.org/netdev/[email protected]/T/#u
-CVE-2022-42720
-       RESERVED
+CVE-2022-42720 (Various refcounting bugs in the multi-BSS handling in the 
mac80211 sta ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
        NOTE: 
https://lore.kernel.org/netdev/[email protected]/T/#u
-CVE-2022-42719
-       RESERVED
+CVE-2022-42719 (A use-after-free in the mac80211 stack when parsing a 
multi-BSSID elem ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
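Review bot: the four mac80211 entries (CVE-2022-42722 through CVE-2022-42719) record "- linux <unfixed>" and "[buster] - linux <not-affected> (Vulnerable code not present)" but carry no [bullseye] line, so bullseye is tracked only through the unfixed unstable entry; since all four cite the same oss-security post (https://www.openwall.com/lists/oss-security/2022/10/13/2), confirm the buster "Vulnerable code not present" justification holds for each of the four individually rather than being copied from the first, and add a bullseye line once a fixed kernel version is known.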
@@ -2887,8 +2893,7 @@ CVE-2022-41676
        RESERVED
 CVE-2022-41675
        RESERVED
-CVE-2022-41674
-       RESERVED
+CVE-2022-41674 (An issue was discovered in the Linux kernel through 5.19.11. 
Attackers ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
@@ -3341,20 +3346,20 @@ CVE-2022-41541
        RESERVED
 CVE-2022-41540
        RESERVED
-CVE-2022-41539
-       RESERVED
-CVE-2022-41538
-       RESERVED
+CVE-2022-41539 (Wedding Planner v1.0 was discovered to contain an arbitrary 
file uploa ...)
+       TODO: check
+CVE-2022-41538 (Wedding Planner v1.0 was discovered to contain an arbitrary 
file uploa ...)
+       TODO: check
 CVE-2022-41537
        RESERVED
-CVE-2022-41536
-       RESERVED
-CVE-2022-41535
-       RESERVED
-CVE-2022-41534
-       RESERVED
-CVE-2022-41533
-       RESERVED
+CVE-2022-41536 (Open Source SACCO Management System v1.0 was discovered to 
contain a S ...)
+       TODO: check
+CVE-2022-41535 (Open Source SACCO Management System v1.0 was discovered to 
contain a S ...)
+       TODO: check
+CVE-2022-41534 (Online Diagnostic Lab Management System v1.0 was discovered to 
contain ...)
+       TODO: check
+CVE-2022-41533 (Online Diagnostic Lab Management System v1.0 was discovered to 
contain ...)
+       TODO: check
 CVE-2022-41532 (Open Source SACCO Management System v1.0 was discovered to 
contain a S ...)
        NOT-FOR-US: Open Source SACCO Management System
 CVE-2022-41531
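Review bot: CVE-2022-41536 and CVE-2022-41535 (Open Source SACCO Management System v1.0) are left as "TODO: check" while the neighbouring CVE-2022-41532 for the same product is already resolved as "NOT-FOR-US: Open Source SACCO Management System"; unless a Debian package has appeared since that entry was triaged, the same tag applies here, and the Wedding Planner and Online Diagnostic Lab Management System entries in this hunk should be checked on the same basis.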
@@ -3425,12 +3430,12 @@ CVE-2022-41499
        RESERVED
 CVE-2022-41498
        RESERVED
-CVE-2022-41497
-       RESERVED
-CVE-2022-41496
-       RESERVED
-CVE-2022-41495
-       RESERVED
+CVE-2022-41497 (ClipperCMS 1.3.3 was discovered to contain a Server-Side 
Request Forge ...)
+       TODO: check
+CVE-2022-41496 (iCMS v7.0.16 was discovered to contain a Server-Side Request 
Forgery ( ...)
+       TODO: check
+CVE-2022-41495 (ClipperCMS 1.3.3 was discovered to contain a Server-Side 
Request Forge ...)
+       TODO: check
 CVE-2022-41494
        RESERVED
 CVE-2022-41493
@@ -3451,7 +3456,7 @@ CVE-2022-41486
        RESERVED
 CVE-2022-41485 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was 
discovered to  ...)
        NOT-FOR-US: Tenda
-CVE-2022-41484 (Tenda AC1900 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was 
discovered to  ...)
+CVE-2022-41484 (Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to 
contain a buf ...)
        NOT-FOR-US: Tenda
 CVE-2022-41483 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was 
discovered to  ...)
        NOT-FOR-US: Tenda
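Review bot: the CVE-2022-41484 change only rewrites the description (the affected device string moves from the US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 firmware to AP500(US)_V1_180320(Beta)); the "NOT-FOR-US: Tenda" annotation is unchanged and still applies since the product remains a Tenda device, so no further action is needed beyond noting that this entry no longer mirrors the CVE-2022-41485 and CVE-2022-41483 descriptions.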
@@ -3640,10 +3645,10 @@ CVE-2022-41393
        RESERVED
 CVE-2022-41392 (A cross-site scripting (XSS) vulnerability in TotalJS commit 
8c2c8909  ...)
        NOT-FOR-US: TotalJS CMS
-CVE-2022-41391
-       RESERVED
-CVE-2022-41390
-       RESERVED
+CVE-2022-41391 (OcoMon v4.0 was discovered to contain a SQL injection 
vulnerability vi ...)
+       TODO: check
+CVE-2022-41390 (OcoMon v4.0 was discovered to contain a SQL injection 
vulnerability vi ...)
+       TODO: check
 CVE-2022-41389
        RESERVED
 CVE-2022-41388
@@ -8511,14 +8516,14 @@ CVE-2022-39305
        RESERVED
 CVE-2022-39304
        RESERVED
-CVE-2022-39303
-       RESERVED
-CVE-2022-39302
-       RESERVED
+CVE-2022-39303 (Ree6 is a moderation bot. This vulnerability allows 
manipulation of SQ ...)
+       TODO: check
+CVE-2022-39302 (Ree6 is a moderation bot. This vulnerability would allow other 
server  ...)
+       TODO: check
 CVE-2022-39301
        RESERVED
-CVE-2022-39300
-       RESERVED
+CVE-2022-39300 (node SAML is a SAML 2.0 library based on the SAML 
implementation of pa ...)
+       TODO: check
 CVE-2022-39299 (Passport-SAML is a SAML 2.0 authentication provider for 
Passport, the  ...)
        NOT-FOR-US: Passport-SAML
 CVE-2022-39298 (MelisFront is the engine that displays website hosted on Melis 
Platfor ...)
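Review bot: CVE-2022-39300 (node SAML) is "TODO: check" directly above CVE-2022-39299 (Passport-SAML), which is already resolved as "NOT-FOR-US: Passport-SAML"; the node SAML description states it is based on the passport-saml implementation, so confirm neither library is packaged in Debian and resolve it the same way. The two Ree6 entries (CVE-2022-39303, CVE-2022-39302) describe a moderation bot and need the same packaged-or-not check before their "TODO: check" is cleared.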
@@ -8527,8 +8532,8 @@ CVE-2022-39297 (MelisCms provides a full CMS for Melis 
Platform, including templ
        NOT-FOR-US: MelisCms
 CVE-2022-39296 (MelisAssetManager provides deliveries of Melis Platform's 
assets locat ...)
        NOT-FOR-US: MelisAssetManager
-CVE-2022-39295
-       RESERVED
+CVE-2022-39295 (Knowage is an open source suite for modern business analytics 
alternat ...)
+       TODO: check
 CVE-2022-39294
        RESERVED
 CVE-2022-39293 (Azure RTOS USBX is a high-performance USB host, device, and 
on-the-go  ...)
@@ -8583,8 +8588,8 @@ CVE-2022-39280 (dparse is a parser for Python dependency 
files. dparse in versio
        NOT-FOR-US: dparse (parser for Python dependency files)
 CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board 
which adds  ...)
        NOT-FOR-US: discourse-chat plugin for Discourse
-CVE-2022-39278
-       RESERVED
+CVE-2022-39278 (Istio is an open platform-independent service mesh that 
provides traff ...)
+       TODO: check
 CVE-2022-39277
        RESERVED
 CVE-2022-39276
@@ -8715,8 +8720,8 @@ CVE-2022-39231 (Parse Server is an open source backend 
that can be deployed to a
        NOT-FOR-US: Node parse-server
 CVE-2022-39230 (fhir-works-on-aws-authz-smart is an implementation of the 
authorizatio ...)
        NOT-FOR-US: fhir-works-on-aws-authz-smart
-CVE-2022-39229
-       RESERVED
+CVE-2022-39229 (Grafana is an open source data visualization platform for 
metrics, log ...)
+       TODO: check
 CVE-2022-39228
        RESERVED
 CVE-2022-39227 (python-jwt is a module for generating and verifying JSON Web 
Tokens. V ...)
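Review bot: CVE-2022-39229 is one of four Grafana entries in this update left as "TODO: check" (the others are CVE-2022-39201, CVE-2022-31130 and CVE-2022-31123 in later hunks); triage them together so that whichever status applies to Grafana in Debian, a package entry or a NOT-FOR-US tag, is recorded consistently across all four.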
@@ -8779,8 +8784,8 @@ CVE-2022-39203 (matrix-appservice-irc is an open source 
Node.js IRC bridge for M
        NOT-FOR-US: matrix-appservice-irc
 CVE-2022-39202 (matrix-appservice-irc is an open source Node.js IRC bridge for 
Matrix. ...)
        NOT-FOR-US: matrix-appservice-irc
-CVE-2022-39201
-       RESERVED
+CVE-2022-39201 (Grafana is an open source observability and data visualization 
platfor ...)
+       TODO: check
 CVE-2022-39200 (Dendrite is a Matrix homeserver written in Go. In affected 
versions ev ...)
        NOT-FOR-US: Dendrite
 CVE-2022-39199
@@ -12018,8 +12023,8 @@ CVE-2022-2782
        RESERVED
 CVE-2022-2781 (In affected versions of Octopus Server it was identified that 
the same ...)
        NOT-FOR-US: Octopus
-CVE-2022-2780
-       RESERVED
+CVE-2022-2780 (In affected versions of Octopus Server it is possible to use 
the Git C ...)
+       TODO: check
 CVE-2022-2779 (A vulnerability classified as critical was found in 
SourceCodester Gas ...)
        NOT-FOR-US: SourceCodester Gas Agency Management System
 CVE-2022-2778 (In affected versions of Octopus Deploy it is possible to bypass 
rate l ...)
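Review bot: CVE-2022-2780 (Octopus Server) is "TODO: check" while the preceding CVE-2022-2781 for the same product carries "NOT-FOR-US: Octopus"; unless Octopus has since been packaged, resolve this entry with the same tag rather than leaving it pending.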
@@ -15537,10 +15542,10 @@ CVE-2022-36805
        RESERVED
 CVE-2022-36804 (Multiple API endpoints in Atlassian Bitbucket Server and Data 
Center 7 ...)
        NOT-FOR-US: Atlassian
-CVE-2022-36803
-       RESERVED
-CVE-2022-36802
-       RESERVED
+CVE-2022-36803 (The MasterUserEdit API in Atlassian Jira Align Server before 
version 1 ...)
+       TODO: check
+CVE-2022-36802 (The ManageJiraConnectors API in Atlassian Jira Align before 
version 10 ...)
+       TODO: check
 CVE-2022-36801 (Affected versions of Atlassian Jira Server and Data Center 
allow anony ...)
        NOT-FOR-US: Atlassian
 CVE-2022-36800 (Affected versions of Atlassian Jira Service Management Server 
and Data ...)
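Review bot: CVE-2022-36803 and CVE-2022-36802 (Atlassian Jira Align) are "TODO: check" while the surrounding Atlassian entries CVE-2022-36804 and CVE-2022-36801 carry "NOT-FOR-US: Atlassian"; Jira Align is another Atlassian product, so resolve both with the same tag unless triage finds a Debian package.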
@@ -17721,8 +17726,8 @@ CVE-2022-35946 (GLPI stands for Gestionnaire Libre de 
Parc Informatique and is a
 CVE-2022-35945 (GLPI stands for Gestionnaire Libre de Parc Informatique and is 
a Free  ...)
        - glpi <removed> (unimportant)
        NOTE: Only supported behind an authenticated HTTP zone
-CVE-2022-35944
-       RESERVED
+CVE-2022-35944 (October is a self-hosted Content Management System (CMS) 
platform base ...)
+       TODO: check
 CVE-2022-35943 (Shield is an authentication and authorization framework for 
CodeIgnite ...)
        - codeigniter <itp> (bug #471583)
 CVE-2022-35942 (Improper input validation on the `contains` LoopBack filter 
may allow  ...)
@@ -18570,10 +18575,10 @@ CVE-2022-35614
        RESERVED
 CVE-2022-35613
        RESERVED
-CVE-2022-35612
-       RESERVED
-CVE-2022-35611
-       RESERVED
+CVE-2022-35612 (A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 
and below ...)
+       TODO: check
+CVE-2022-35611 (A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and 
below allows ...)
+       TODO: check
 CVE-2022-35610
        RESERVED
 CVE-2022-35609
@@ -19828,12 +19833,12 @@ CVE-2022-35138
        RESERVED
 CVE-2022-35137 (DGIOT Lightweight industrial IoT v4.5.4 was discovered to 
contain mult ...)
        NOT-FOR-US: DGIOT Lightweight industrial IoT
-CVE-2022-35136
-       RESERVED
-CVE-2022-35135
-       RESERVED
-CVE-2022-35134
-       RESERVED
+CVE-2022-35136 (Boodskap IoT Platform v4.4.9-02 allows attackers to make 
unauthenticat ...)
+       TODO: check
+CVE-2022-35135 (Boodskap IoT Platform v4.4.9-02 allows attackers to escalate 
privilege ...)
+       TODO: check
+CVE-2022-35134 (Boodskap IoT Platform v4.4.9-02 contains a cross-site 
scripting (XSS)  ...)
+       TODO: check
 CVE-2022-35133 (A cross-site scripting (XSS) vulnerability in CherryTree 
v0.99.30 allo ...)
        - cherrytree <not-affected> (No vulnerable version ever uploaded, 
introduced in 0.99.44 and fixed in 0.99.45)
        NOTE: 
https://drive.google.com/file/d/1Pidkh2MAQkue81dS7SI-d16Vun_s5tot/view?usp=sharing
@@ -22976,10 +22981,10 @@ CVE-2022-34024 (Barangay Management System v1.0 was 
discovered to contain an arb
        NOT-FOR-US: Barangay Management System
 CVE-2022-34023 (Barangay Management System v1.0 was discovered to contain a 
SQL inject ...)
        NOT-FOR-US: Barangay Management System
-CVE-2022-34022
-       RESERVED
-CVE-2022-34021
-       RESERVED
+CVE-2022-34022 (SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN 
Network S ...)
+       TODO: check
+CVE-2022-34021 (Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT 
IOT Plat ...)
+       TODO: check
 CVE-2022-34020 (Cross Site Request Forgery (CSRF) vulnerability in ResIOT 
ResIOT IOT P ...)
        NOT-FOR-US: DellResIOT
 CVE-2022-34019
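Review bot: CVE-2022-34022 and CVE-2022-34021 (ResIOT IOT Platform) are "TODO: check" while CVE-2022-34020 for the same product is tagged "NOT-FOR-US: DellResIOT"; before copying that tag to the two new entries, check that "DellResIOT" is the intended product name, since all three descriptions refer only to "ResIOT".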
@@ -27778,8 +27783,8 @@ CVE-2022-32179
        RESERVED
 CVE-2022-32178
        RESERVED
-CVE-2022-32177
-       RESERVED
+CVE-2022-32177 (In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are 
vulnerable  ...)
+       TODO: check
 CVE-2022-32176
        RESERVED
 CVE-2022-32175 (In AdGuardHome, versions v0.95 through v0.108.0-b.13 are 
vulnerable to ...)
@@ -30793,8 +30798,8 @@ CVE-2022-31132 (Nextcloud Mail is an email application 
for the nextcloud persona
        NOT-FOR-US: Nextcloud Mail
 CVE-2022-31131 (Nextcloud mail is a Mail app for the Nextcloud home server 
product. Ve ...)
        NOT-FOR-US: Nextcloud Mail app
-CVE-2022-31130
-       RESERVED
+CVE-2022-31130 (Grafana is an open source observability and data visualization 
platfor ...)
+       TODO: check
 CVE-2022-31129 (moment is a JavaScript date library for parsing, validating, 
manipulat ...)
        - node-moment 2.29.4+ds-1 (bug #1014845)
        [bullseye] - node-moment 2.29.1+ds-2+deb11u2
@@ -30812,8 +30817,8 @@ CVE-2022-31125 (Roxy-wi is an open source web interface 
for managing Haproxy, Ng
        NOT-FOR-US: Roxy-wi
 CVE-2022-31124 (openssh_key_parser is an open source Python package providing 
utilitie ...)
        NOT-FOR-US: openssh_key_parser
-CVE-2022-31123
-       RESERVED
+CVE-2022-31123 (Grafana is an open source observability and data visualization 
platfor ...)
+       TODO: check
 CVE-2022-31122
        RESERVED
 CVE-2022-31121 (Hyperledger Fabric is a permissioned distributed ledger 
framework. In  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e597bf16b9d8332df35e8b29e6d651b6b2a8a1a0



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
