Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e807d609 by security tracker role at 2022-11-02T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,119 @@
+CVE-2022-44635
+       RESERVED
+CVE-2022-44634
+       RESERVED
+CVE-2022-44633
+       RESERVED
+CVE-2022-44632
+       RESERVED
+CVE-2022-44631
+       RESERVED
+CVE-2022-44630
+       RESERVED
+CVE-2022-44629
+       RESERVED
+CVE-2022-44628
+       RESERVED
+CVE-2022-44627
+       RESERVED
+CVE-2022-44626
+       RESERVED
+CVE-2022-44625
+       RESERVED
+CVE-2022-44624
+       RESERVED
+CVE-2022-44623
+       RESERVED
+CVE-2022-44622
+       RESERVED
+CVE-2022-44621
+       RESERVED
+CVE-2022-44618
+       RESERVED
+CVE-2022-44614
+       RESERVED
+CVE-2022-44613
+       RESERVED
+CVE-2022-44609
+       RESERVED
+CVE-2022-44452
+       RESERVED
+CVE-2022-43661
+       RESERVED
+CVE-2022-43511
+       RESERVED
+CVE-2022-43510
+       RESERVED
+CVE-2022-43446
+       RESERVED
+CVE-2022-42465
+       RESERVED
+CVE-2022-3843
+       RESERVED
+CVE-2022-3842
+       RESERVED
+CVE-2022-3841
+       RESERVED
+CVE-2022-3840
+       RESERVED
+CVE-2022-3839
+       RESERVED
+CVE-2022-3838
+       RESERVED
+CVE-2022-3837
+       RESERVED
+CVE-2022-3836
+       RESERVED
+CVE-2022-3835
+       RESERVED
+CVE-2022-3834
+       RESERVED
+CVE-2022-3833
+       RESERVED
+CVE-2022-3832
+       RESERVED
+CVE-2022-3831
+       RESERVED
+CVE-2022-3830
+       RESERVED
+CVE-2022-3829
+       RESERVED
+CVE-2022-3828
+       RESERVED
+CVE-2022-3827 (A vulnerability was found in centreon. It has been declared as 
critica ...)
+       TODO: check
+CVE-2022-3826 (A vulnerability was found in Huaxia ERP. It has been classified 
as pro ...)
+       TODO: check
+CVE-2022-3825 (A vulnerability was found in Huaxia ERP 2.3 and classified as 
critical ...)
+       TODO: check
+CVE-2022-3824
+       RESERVED
+CVE-2022-3823
+       RESERVED
+CVE-2022-3822
+       RESERVED
+CVE-2022-3821
+       RESERVED
+CVE-2022-3820
+       RESERVED
+CVE-2022-3819
+       RESERVED
+CVE-2022-3818
+       RESERVED
+CVE-2022-3817 (A vulnerability has been found in Axiomatic Bento4 and 
classified as p ...)
+       TODO: check
+CVE-2022-3816 (A vulnerability, which was classified as problematic, was found 
in Axi ...)
+       TODO: check
+CVE-2022-3815 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2022-3814 (A vulnerability classified as problematic was found in 
Axiomatic Bento ...)
+       TODO: check
+CVE-2022-3813 (A vulnerability classified as problematic has been found in 
Axiomatic  ...)
+       TODO: check
+CVE-2022-3812 (A vulnerability was found in Axiomatic Bento4. It has been 
rated as pr ...)
+       TODO: check
+CVE-2020-36608
+       RESERVED
 CVE-2023-20903
        RESERVED
 CVE-2023-20902
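Review bot: nine of the new entries in this hunk arrive with a description and `TODO: check` (CVE-2022-3827 centreon, CVE-2022-3826 and CVE-2022-3825 Huaxia ERP, CVE-2022-3817 through CVE-2022-3812 Axiomatic Bento4). The six Bento4 ids name the same product, so triage them as one batch with a single annotation rather than one at a time, to keep them from diverging.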
@@ -184,10 +300,10 @@ CVE-2022-44564
        RESERVED
 CVE-2022-3811
        RESERVED
-CVE-2022-3810
-       RESERVED
-CVE-2022-3809
-       RESERVED
+CVE-2022-3810 (A vulnerability was found in Axiomatic Bento4. It has been 
classified  ...)
+       TODO: check
+CVE-2022-3809 (A vulnerability was found in Axiomatic Bento4 and classified as 
proble ...)
+       TODO: check
 CVE-2022-3808 (A vulnerability classified as problematic has been found in 
WebFactory ...)
        NOT-FOR-US: WebFactory Under Construction Plugin
 CVE-2022-3807 (A vulnerability was found in Axiomatic Bento4. It has been 
rated as pr ...)
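Review bot: CVE-2022-3810 and CVE-2022-3809 move from RESERVED to `TODO: check` for Axiomatic Bento4, the same product as the existing CVE-2022-3807 entry in the context below. Reuse whatever annotation CVE-2022-3807 already carries instead of leaving these two open.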
@@ -1462,8 +1578,8 @@ CVE-2022-43997
        RESERVED
 CVE-2022-43996
        RESERVED
-CVE-2022-43995
-       RESERVED
+CVE-2022-43995 (Sudo 1.8.0 through 1.9.12, with the crypt() password backend, 
contains ...)
+       TODO: check
 CVE-2022-43994
        RESERVED
 CVE-2022-43993
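Review bot: CVE-2022-43995 is left at `TODO: check`, but its description names Sudo 1.8.0 through 1.9.12 with the crypt() password backend, and sudo is a package Debian ships. This one should be prioritised: replace the TODO with a `- sudo` package line once the affected and fixed versions are established, with per-release status for the supported suites.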
@@ -1482,8 +1598,7 @@ CVE-2022-43987
        RESERVED
 CVE-2022-43986
        RESERVED
-CVE-2022-43985
-       RESERVED
+CVE-2022-43985 (In Apache Airflow versions prior to 2.4.2, there was an open 
redirect  ...)
        - airflow <itp> (bug #819700)
 CVE-2022-43984
        RESERVED
@@ -1493,8 +1608,7 @@ CVE-2022-3752
        RESERVED
 CVE-2022-3751
        RESERVED
-CVE-2022-43982
-       RESERVED
+CVE-2022-43982 (In Apache Airflow versions prior to 2.4.2, the "Trigger DAG 
with confi ...)
        - airflow <itp> (bug #819700)
 CVE-2022-43981
        RESERVED
@@ -3348,8 +3462,7 @@ CVE-2022-3725 (Crash in the OPUS protocol dissector in 
Wireshark 3.6.0 to 3.6.8
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18378
 CVE-2022-3724
        RESERVED
-CVE-2022-3723
-       RESERVED
+CVE-2022-3723 (Type confusion in V8 in Google Chrome prior to 107.0.5304.87 
allowed a ...)
        {DSA-5263-1}
        - chromium 107.0.5304.87-1
        [buster] - chromium <end-of-life> (see DSA 5046)
@@ -4012,8 +4125,8 @@ CVE-2022-43672
        RESERVED
 CVE-2022-43671
        RESERVED
-CVE-2022-43670
-       RESERVED
+CVE-2022-43670 (An improper neutralization of input during web page generation 
('Cross ...)
+       TODO: check
 CVE-2022-43667
        RESERVED
 CVE-2022-43509
@@ -4194,53 +4307,43 @@ CVE-2022-43609
        RESERVED
 CVE-2022-43608
        RESERVED
-CVE-2022-3661
-       RESERVED
+CVE-2022-3661 (Insufficient data validation in Extensions in Google Chrome 
prior to 1 ...)
        {DSA-5261-1}
        - chromium 107.0.5304.68-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3660
-       RESERVED
+CVE-2022-3660 (Inappropriate implementation in Full screen mode in Google 
Chrome on A ...)
        {DSA-5261-1}
        - chromium 107.0.5304.68-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3659
-       RESERVED
+CVE-2022-3659 (Use after free in Accessibility in Google Chrome on Chrome OS 
prior to ...)
        {DSA-5261-1}
        - chromium 107.0.5304.68-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3658
-       RESERVED
+CVE-2022-3658 (Use after free in Feedback service on Chrome OS in Google 
Chrome on Ch ...)
        {DSA-5261-1}
        - chromium 107.0.5304.68-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3657
-       RESERVED
+CVE-2022-3657 (Use after free in Extensions in Google Chrome prior to 
107.0.5304.62 a ...)
        {DSA-5261-1}
        - chromium 107.0.5304.68-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3656
-       RESERVED
+CVE-2022-3656 (Insufficient data validation in File System in Google Chrome 
prior to  ...)
        {DSA-5261-1}
        - chromium 107.0.5304.68-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3655
-       RESERVED
+CVE-2022-3655 (Heap buffer overflow in Media Galleries in Google Chrome prior 
to 107. ...)
        {DSA-5261-1}
        - chromium 107.0.5304.68-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3654
-       RESERVED
+CVE-2022-3654 (Use after free in Layout in Google Chrome prior to 
107.0.5304.62 allow ...)
        {DSA-5261-1}
        - chromium 107.0.5304.68-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3653
-       RESERVED
+CVE-2022-3653 (Heap buffer overflow in Vulkan in Google Chrome prior to 
107.0.5304.62 ...)
        {DSA-5261-1}
        - chromium 107.0.5304.68-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3652
-       RESERVED
+CVE-2022-3652 (Type confusion in V8 in Google Chrome prior to 107.0.5304.62 
allowed a ...)
        {DSA-5261-1}
        - chromium 107.0.5304.68-1
        [buster] - chromium <end-of-life> (see DSA 5046)
@@ -4949,8 +5052,8 @@ CVE-2022-41777
        RESERVED
 CVE-2022-41642
        RESERVED
-CVE-2022-3575
-       RESERVED
+CVE-2022-3575 (Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 
v2.8.0 to ...)
+       TODO: check
 CVE-2022-3574
        RESERVED
 CVE-2022-3573
@@ -5222,48 +5325,48 @@ CVE-2022-43257
        RESERVED
 CVE-2022-43256
        RESERVED
-CVE-2022-43255
-       RESERVED
-CVE-2022-43254
-       RESERVED
-CVE-2022-43253
-       RESERVED
-CVE-2022-43252
-       RESERVED
+CVE-2022-43255 (GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to 
contain a mem ...)
+       TODO: check
+CVE-2022-43254 (GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to 
contain a mem ...)
+       TODO: check
+CVE-2022-43253 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       TODO: check
+CVE-2022-43252 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       TODO: check
 CVE-2022-43251
        RESERVED
-CVE-2022-43250
-       RESERVED
-CVE-2022-43249
-       RESERVED
-CVE-2022-43248
-       RESERVED
+CVE-2022-43250 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       TODO: check
+CVE-2022-43249 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       TODO: check
+CVE-2022-43248 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       TODO: check
 CVE-2022-43247
        RESERVED
 CVE-2022-43246
        RESERVED
-CVE-2022-43245
-       RESERVED
-CVE-2022-43244
-       RESERVED
-CVE-2022-43243
-       RESERVED
-CVE-2022-43242
-       RESERVED
-CVE-2022-43241
-       RESERVED
-CVE-2022-43240
-       RESERVED
-CVE-2022-43239
-       RESERVED
-CVE-2022-43238
-       RESERVED
-CVE-2022-43237
-       RESERVED
-CVE-2022-43236
-       RESERVED
-CVE-2022-43235
-       RESERVED
+CVE-2022-43245 (Libde265 v1.0.8 was discovered to contain a segmentation 
violation via ...)
+       TODO: check
+CVE-2022-43244 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       TODO: check
+CVE-2022-43243 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       TODO: check
+CVE-2022-43242 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       TODO: check
+CVE-2022-43241 (Libde265 v1.0.8 was discovered to contain an unknown crash via 
ff_hevc ...)
+       TODO: check
+CVE-2022-43240 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       TODO: check
+CVE-2022-43239 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       TODO: check
+CVE-2022-43238 (Libde265 v1.0.8 was discovered to contain an unknown crash via 
ff_hevc ...)
+       TODO: check
+CVE-2022-43237 (Libde265 v1.0.8 was discovered to contain a 
stack-buffer-overflow vuln ...)
+       TODO: check
+CVE-2022-43236 (Libde265 v1.0.8 was discovered to contain a 
stack-buffer-overflow vuln ...)
+       TODO: check
+CVE-2022-43235 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
+       TODO: check
 CVE-2022-43234
        RESERVED
 CVE-2022-43233 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)
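Review bot: the sixteen Libde265 v1.0.8 entries (between CVE-2022-43235 and CVE-2022-43253) and the two GPAC entries (CVE-2022-43254, CVE-2022-43255) all sit at `TODO: check`, and both libde265 and gpac are packaged in Debian. They need `- libde265` and `- gpac` lines. The GPAC descriptions cite a development revision (v2.1-DEV-rev368-gfd054169b-master), so whether released versions are affected has to be checked against the code, and the truncated descriptions drop the function names, so the full CVE text is needed to tell the Libde265 issues apart.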
@@ -5278,10 +5381,10 @@ CVE-2022-43229 (Simple Cold Storage Management System 
v1.0 was discovered to con
        NOT-FOR-US: Simple Cold Storage Management System
 CVE-2022-43228 (Barangay Management System v1.0 was discovered to contain a 
SQL inject ...)
        NOT-FOR-US: Barangay Management System
-CVE-2022-43227
-       RESERVED
-CVE-2022-43226
-       RESERVED
+CVE-2022-43227 (Online Diagnostic Lab Management System v1.0 was discovered to 
contain ...)
+       TODO: check
+CVE-2022-43226 (Online Diagnostic Lab Management System v1.0 was discovered to 
contain ...)
+       TODO: check
 CVE-2022-43225
        RESERVED
 CVE-2022-43224
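Review bot: CVE-2022-43227 and CVE-2022-43226 (Online Diagnostic Lab Management System v1.0) are left at `TODO: check`, while the neighbouring entries of the same kind in the context above, CVE-2022-43229 and CVE-2022-43228, are already `NOT-FOR-US`. If the same reasoning applies, mark both as `NOT-FOR-US: Online Diagnostic Lab Management System` in the same pass.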
@@ -7261,8 +7364,8 @@ CVE-2022-42475
        RESERVED
 CVE-2022-42474
        RESERVED
-CVE-2022-42473
-       RESERVED
+CVE-2022-42473 (A missing authentication for a critical function vulnerability 
in Fort ...)
+       TODO: check
 CVE-2022-42472
        RESERVED
 CVE-2022-42471
@@ -9068,8 +9171,8 @@ CVE-2022-41718
        RESERVED
 CVE-2022-41717
        RESERVED
-CVE-2022-41716
-       RESERVED
+CVE-2022-41716 (Due to unsanitized NUL values, attackers may be able to 
maliciously se ...)
+       TODO: check
 CVE-2022-41715 (Programs which compile regular expressions from untrusted 
sources may  ...)
        - golang-1.19 1.19.2-1
        - golang-1.18 1.18.7-1
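Review bot: the truncated description of CVE-2022-41716 ("Due to unsanitized NUL values ...") does not name a product, so the `TODO: check` cannot be resolved from this line alone. The adjacent id CVE-2022-41715 is tracked against golang-1.19 and golang-1.18; check the full CVE text to see whether this entry belongs to the same source packages and, if so, whether the affected code path applies to Debian's platforms.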
@@ -9573,8 +9676,8 @@ CVE-2022-41553 (Insertion of Sensitive Information into 
Temporary File vulnerabi
        NOT-FOR-US: Hitachi
 CVE-2022-41552 (Server-Side Request Forgery (SSRF) vulnerability in Hitachi 
Infrastruc ...)
        NOT-FOR-US: Hitachi
-CVE-2022-41551
-       RESERVED
+CVE-2022-41551 (Garage Management System v1.0 was discovered to contain a SQL 
injectio ...)
+       TODO: check
 CVE-2022-41550 (GNU oSIP v5.3.0 was discovered to contain an integer overflow 
via the  ...)
        - libosip2 <unfixed> (bug #1021662)
        [bullseye] - libosip2 <no-dsa> (Minor issue)
@@ -11237,8 +11340,8 @@ CVE-2022-40842
        RESERVED
 CVE-2022-40841
        RESERVED
-CVE-2022-40840
-       RESERVED
+CVE-2022-40840 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable 
to Cross ...)
+       TODO: check
 CVE-2022-40839 (A SQL injection vulnerability in the height and width 
parameter in Ndk ...)
        TODO: check
 CVE-2022-40838
@@ -11784,7 +11887,7 @@ CVE-2022-3202 (A NULL pointer dereference flaw in 
diFree in fs/jfs/inode.c in Jo
        [bullseye] - linux 5.10.113-1
        [buster] - linux 4.19.249-1
        NOTE: 
https://git.kernel.org/linus/a53046291020ec41e09181396c1e829287b48d47 (5.18-rc1)
-CVE-2022-3201 (Insufficient validation of untrusted input in Developer tools 
in Googl ...)
+CVE-2022-3201 (Insufficient validation of untrusted input in DevTools in 
Google Chrom ...)
        {DSA-5244-1 DSA-5230-1}
        - chromium 106.0.5249.61-1
        [buster] - chromium <end-of-life> (see DSA 5046)
@@ -13412,18 +13515,18 @@ CVE-2022-39952
        RESERVED
 CVE-2022-39951
        RESERVED
-CVE-2022-39950
-       RESERVED
-CVE-2022-39949
-       RESERVED
+CVE-2022-39950 (An improper neutralization of input during web page generation 
vulnera ...)
+       TODO: check
+CVE-2022-39949 (An improper control of a resource through its lifetime 
vulnerability [ ...)
+       TODO: check
 CVE-2022-39948
        RESERVED
 CVE-2022-39947
        RESERVED
 CVE-2022-39946
        RESERVED
-CVE-2022-39945
-       RESERVED
+CVE-2022-39945 (An improper access control vulnerability [CWE-284] in 
FortiMail 7.2.0, ...)
+       TODO: check
 CVE-2022-39944 (In Apache Linkis &lt;=1.2.0 when used with the MySQL 
Connector/J, a de ...)
        NOT-FOR-US: Apache Linkis
 CVE-2022-39943
@@ -14660,14 +14763,14 @@ CVE-2022-39383
        RESERVED
 CVE-2022-39382
        RESERVED
-CVE-2022-39381
-       RESERVED
+CVE-2022-39381 (Muhammara is a node module with c/cpp bindings to modify PDF 
with js f ...)
+       TODO: check
 CVE-2022-39380
        RESERVED
-CVE-2022-39379
-       RESERVED
-CVE-2022-39378
-       RESERVED
+CVE-2022-39379 (Fluentd collects events from various data sources and writes 
them to f ...)
+       TODO: check
+CVE-2022-39378 (Discourse is a platform for community discussion. Under 
certain condit ...)
+       TODO: check
 CVE-2022-39377
        RESERVED
 CVE-2022-39376
@@ -14710,14 +14813,14 @@ CVE-2022-39358 (Metabase is data visualization 
software. Prior to versions 0.44.
        NOT-FOR-US: Metabase
 CVE-2022-39357 (Winter is a free, open-source content management system based 
on the L ...)
        NOT-FOR-US: Winter
-CVE-2022-39356
-       RESERVED
+CVE-2022-39356 (Discourse is a platform for community discussion. Users who 
receive an ...)
+       TODO: check
 CVE-2022-39355 (Discourse Patreon enables syncronization between Discourse 
Groups and  ...)
        NOT-FOR-US: Discourse Patreon
 CVE-2022-39354 (SputnikVM, also called evm, is a Rust implementation of 
Ethereum Virtu ...)
        NOT-FOR-US: Rust crate evm
-CVE-2022-39353
-       RESERVED
+CVE-2022-39353 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 
2 Core)  ...)
+       TODO: check
 CVE-2022-39352
        RESERVED
 CVE-2022-39351 (Dependency-Track is a Component Analysis platform that allows 
organiza ...)
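Review bot: CVE-2022-39353 is left at `TODO: check` for xmldom, which the description calls a pure JavaScript XML DOM implementation. Libraries of this kind are often vendored, so the check should cover both a dedicated source package and embedded copies in other packages. CVE-2022-39356 names Discourse; annotate it consistently with the other Discourse entries in the file rather than independently.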
@@ -15013,8 +15116,8 @@ CVE-2022-39243 (NuProcess is an external process 
execution implementation for Ja
        NOT-FOR-US: NuProcess
 CVE-2022-39242 (Frontier is an Ethereum compatibility layer for Substrate. 
Prior to co ...)
        NOT-FOR-US: Frontier
-CVE-2022-39241
-       RESERVED
+CVE-2022-39241 (Discourse is a platform for community discussion. A malicious 
admin co ...)
+       TODO: check
 CVE-2022-39240 (MyGraph is a permission management system. Versions prior to 
1.0.4 are ...)
        NOT-FOR-US: MyGraph
 CVE-2022-39239 (netlify-ipx is an on-Demand image optimization for Netlify 
using ipx.  ...)
@@ -17724,10 +17827,10 @@ CVE-2022-2852 (Use after free in FedCM in Google 
Chrome prior to 104.0.5112.101
        {DSA-5212-1}
        - chromium 104.0.5112.101-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-38381
-       RESERVED
-CVE-2022-38380
-       RESERVED
+CVE-2022-38381 (An improper handling of malformed request vulnerability 
[CWE-228] exis ...)
+       TODO: check
+CVE-2022-38380 (An improper access control [CWE-284] vulnerability in FortiOS 
version  ...)
+       TODO: check
 CVE-2022-38379
        RESERVED
 CVE-2022-38378
@@ -17738,12 +17841,12 @@ CVE-2022-38376
        RESERVED
 CVE-2022-38375
        RESERVED
-CVE-2022-38374
-       RESERVED
-CVE-2022-38373
-       RESERVED
-CVE-2022-38372
-       RESERVED
+CVE-2022-38374 (A improper neutralization of input during web page generation 
('cross- ...)
+       TODO: check
+CVE-2022-38373 (An improper neutralization of input during web page generation 
vulnera ...)
+       TODO: check
+CVE-2022-38372 (A hidden functionality vulnerability [CWE-1242] in FortiTester 
CLI 2.3 ...)
+       TODO: check
 CVE-2022-38371 (A vulnerability has been identified in Nucleus NET (All 
versions), Nuc ...)
        NOT-FOR-US: Siemens
 CVE-2022-38370 (Apache IoTDB grafana-connector version 0.13.0 contains an 
interface wi ...)
@@ -19987,7 +20090,7 @@ CVE-2022-37456
 CVE-2022-37455
        RESERVED
 CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef 
has an i ...)
-       {DSA-5267-1 DLA-3175-1 DLA-3174-1}
+       {DSA-5269-1 DSA-5267-1 DLA-3175-1 DLA-3174-1}
        - php8.1 8.1.12-1
        - php7.4 <removed>
        - php7.3 <removed>
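Review bot: the cross-reference line for CVE-2022-37454 gains DSA-5269-1, but no package line changes in this hunk and the visible package lines cover only php8.1, php7.4 and php7.3. Confirm that the source package DSA-5269-1 was issued for has its own entry with a fixed version further down, so the advisory reference is backed by package data.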
@@ -24364,8 +24467,8 @@ CVE-2022-35853
        RESERVED
 CVE-2022-35852
        RESERVED
-CVE-2022-35851
-       RESERVED
+CVE-2022-35851 (An improper neutralization of input during web page generation 
vulnera ...)
+       TODO: check
 CVE-2022-35850
        RESERVED
 CVE-2022-35849
@@ -24382,8 +24485,8 @@ CVE-2022-35844 (An improper neutralization of special 
elements used in an OS com
        NOT-FOR-US: FortiGuard
 CVE-2022-35843
        RESERVED
-CVE-2022-35842
-       RESERVED
+CVE-2022-35842 (An exposure of sensitive information to an unauthorized actor 
vulnerab ...)
+       TODO: check
 CVE-2022-35841 (Windows Enterprise App Management Service Remote Code 
Execution Vulner ...)
        NOT-FOR-US: Microsoft
 CVE-2022-35840 (Microsoft OLE DB Provider for SQL Server Remote Code Execution 
Vulnera ...)
@@ -29977,8 +30080,8 @@ CVE-2022-33879 (The initial fixes in CVE-2022-30126 and 
CVE-2022-30973 for regex
        [bullseye] - tika <no-dsa> (Minor issue)
        [buster] - tika <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/27/5
-CVE-2022-33878
-       RESERVED
+CVE-2022-33878 (An exposure of sensitive information to an unauthorized actor 
vulnerab ...)
+       TODO: check
 CVE-2022-33877
        RESERVED
 CVE-2022-33876
@@ -29993,8 +30096,8 @@ CVE-2022-33872 (An improper neutralization of special 
elements used in an OS Com
        NOT-FOR-US: Fortiguard
 CVE-2022-33871
        RESERVED
-CVE-2022-33870
-       RESERVED
+CVE-2022-33870 (An improper neutralization of special elements used in an OS 
command v ...)
+       TODO: check
 CVE-2022-33869
        RESERVED
 CVE-2022-2100 (The Page Generator WordPress plugin before 1.6.5 does not 
sanitise and ...)
@@ -39793,8 +39896,8 @@ CVE-2022-30309 (In Festo Controller CECC-X-M1 product 
family in multiple version
        NOT-FOR-US: Festo
 CVE-2022-30308 (In Festo Controller CECC-X-M1 product family in multiple 
versions, the ...)
        NOT-FOR-US: Festo
-CVE-2022-30307
-       RESERVED
+CVE-2022-30307 (A key management error vulnerability [CWE-320] affecting the 
RSA SSH h ...)
+       TODO: check
 CVE-2022-30306
        RESERVED
 CVE-2022-30305
@@ -52190,14 +52293,14 @@ CVE-2022-26125 (Buffer overflow vulnerabilities exist 
in FRRouting through 8.1.0
        [bullseye] - frr <no-dsa> (Minor issue)
        [buster] - frr <no-dsa> (Minor issue)
        NOTE: https://github.com/FRRouting/frr/issues/10507
-CVE-2022-26122
-       RESERVED
+CVE-2022-26122 (An insufficient verification of data authenticity 
vulnerability [CWE-3 ...)
+       TODO: check
 CVE-2022-26121 (An exposure of resource to wrong sphere vulnerability 
[CWE-668] in For ...)
        NOT-FOR-US: FortiGuard
 CVE-2022-26120 (Multiple improper neutralization of special elements used in 
an SQL Co ...)
        NOT-FOR-US: Fortinet
-CVE-2022-26119
-       RESERVED
+CVE-2022-26119 (A improper authentication vulnerability in Fortinet FortiSIEM 
before 6 ...)
+       TODO: check
 CVE-2022-26118 (A privilege chaining vulnerability [CWE-268] in FortiManager 
and Forti ...)
        NOT-FOR-US: Fortinet
 CVE-2022-26117 (An empty password in configuration file vulnerability 
[CWE-258] in For ...)
@@ -55512,8 +55615,8 @@ CVE-2022-24938
        RESERVED
 CVE-2022-24937
        RESERVED
-CVE-2022-24936
-       RESERVED
+CVE-2022-24936 (Out-of-Bounds error in GBL parser in Silicon Labs Gecko 
Bootloader ver ...)
+       TODO: check
 CVE-2022-24935 (Lexmark products through 2022-02-10 have Incorrect Access 
Control. ...)
        NOT-FOR-US: Lexmark
 CVE-2022-24934 (wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 
allows remo ...)
@@ -67580,12 +67683,12 @@ CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x 
before 3.1.0, psa_cipher_gener
        NOTE: 
https://github.com/ARMmbed/mbedtls/commit/4c224fe3ccbe527a2b7d55a927f1f09511ff1b83
 (mbedtls-2.28.0)
 CVE-2021-45449 (Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log 
sensitiv ...)
        NOT-FOR-US: Docker Desktop on Windows
-CVE-2021-45448
-       RESERVED
-CVE-2021-45447
-       RESERVED
-CVE-2021-45446
-       RESERVED
+CVE-2021-45448 (Pentaho Business Analytics Server versions before 9.2.0.2 and 
8.3.0.25 ...)
+       TODO: check
+CVE-2021-45447 (Hitachi Vantara Pentaho Business Analytics Server versions 
before 9.3. ...)
+       TODO: check
+CVE-2021-45446 (A vulnerability in Hitachi Vantara Pentaho Business Analytics 
Server v ...)
+       TODO: check
 CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, 
and 62.0 h ...)
        NOT-FOR-US: Unisys
 CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if 
they co ...)
@@ -92289,8 +92392,8 @@ CVE-2021-37791 (MyAdmin v1.0 is affected by an 
incorrect access control vulnerab
        NOT-FOR-US: cdfan/my-admin
 CVE-2021-37790
        RESERVED
-CVE-2021-37789
-       RESERVED
+CVE-2021-37789 (stb_image.h 2.27 has a heap-based buffer over in 
stbi__jpeg_load, lead ...)
+       TODO: check
 CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 
could all ...)
        NOT-FOR-US: Gurock TestRail
 CVE-2021-37787
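Review bot: CVE-2021-37789 is left at `TODO: check` for stb_image.h 2.27, a single-header library that projects commonly copy into their own source trees. Triage should not stop at a package carrying the header directly; search the archive for embedded copies as well and record them on this entry.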



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e807d6094d47bc3cdf80832be61867ff3720be0d
