Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
19669ea5 by security tracker role at 2022-10-29T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2022-43998
+ RESERVED
+CVE-2022-3757 (A vulnerability was found in Exiv2. It has been declared as
critical. ...)
+ TODO: check
+CVE-2022-3756 (A vulnerability was found in Exiv2. It has been classified as
critical ...)
+ TODO: check
+CVE-2022-3755 (A vulnerability was found in Exiv2 and classified as
problematic. This ...)
+ TODO: check
+CVE-2022-3754 (Weak Password Requirements in GitHub repository
thorsten/phpmyfaq prio ...)
+ TODO: check
+CVE-2022-3753
+ RESERVED
CVE-2022-43997
RESERVED
CVE-2022-43996
@@ -4782,6 +4794,7 @@ CVE-2022-42892
CVE-2022-42891
RESERVED
CVE-2022-42890 (A vulnerability in Batik of Apache XML Graphics allows an
attacker to ...)
+ {DLA-3169-1}
- batik 1.16+dfsg-1
NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/3
NOTE: https://issues.apache.org/jira/browse/BATIK-1345
@@ -6851,13 +6864,11 @@ CVE-2022-41976
RESERVED
CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before
6.22.826 on Win ...)
NOT-FOR-US: RealVNC
-CVE-2022-41974 [Authorization bypass]
- RESERVED
+CVE-2022-41974 (multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local
users to ...)
- multipath-tools <unfixed> (bug #1022742)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/24/2
NOTE: Introduced by:
https://github.com/opensvc/multipath-tools/commit/9acda0c47b143f2ef6123957d2ccd24ea995dc04
(0.7.0)
-CVE-2022-41973 [Symlink attack]
- RESERVED
+CVE-2022-41973 (multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local
users to ...)
- multipath-tools <unfixed> (bug #1022742)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/24/2
NOTE: Introduced by:
https://github.com/opensvc/multipath-tools/commit/65d0a633e066223d361cd1a254ebdfe36a133a5c
(0.7.7)
@@ -7533,6 +7544,7 @@ CVE-2022-41706
CVE-2022-41705
RESERVED
CVE-2022-41704 (A vulnerability in Batik of Apache XML Graphics allows an
attacker to ...)
+ {DLA-3169-1}
- batik 1.16+dfsg-1
NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/2
NOTE: https://issues.apache.org/jira/browse/BATIK-1338
@@ -32652,6 +32664,7 @@ CVE-2022-32168 (Notepad++ versions 8.4.1 and before are
vulnerable to DLL hijack
CVE-2022-32167 (Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to
Stored Cros ...)
NOT-FOR-US: Cloudreve
CVE-2022-32166 (In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap
buffer o ...)
+ {DLA-3168-1}
- openvswitch 2.13.0+dfsg1-1
NOTE:
https://github.com/openvswitch/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73
(v2.12.0)
CVE-2022-32165
@@ -40757,6 +40770,7 @@ CVE-2022-29460
CVE-2022-29459
RESERVED
CVE-2022-29458 (ncurses 6.3 before patch 20220416 has an out-of-bounds read
and segmen ...)
+ {DLA-3167-1}
- ncurses 6.3+20220423-1 (bug #1009870)
[bullseye] - ncurses <no-dsa> (Minor issue)
[stretch] - ncurses <no-dsa> (Minor issue)
@@ -76536,8 +76550,8 @@ CVE-2021-42778 (A heap double free issue was found in
Opensc before version 0.22
NOTE:
https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7
(0.22.0-rc1)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016083
-CVE-2021-42777
- RESERVED
+CVE-2021-42777 (Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when
Compilation Mo ...)
+ TODO: check
CVE-2021-42776 (CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1
allows XXE ...)
NOT-FOR-US: CloverDX Server
CVE-2021-42775 (Broadcom Emulex HBA Manager/One Command Manager versions
before 11.4.4 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19669ea526db2ce7e6a209e438b4fbe20c8c3744
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19669ea526db2ce7e6a209e438b4fbe20c8c3744
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
