Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3de58829 by security tracker role at 2022-11-19T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2022-45483
+       RESERVED
+CVE-2022-45482
+       RESERVED
+CVE-2022-45481
+       RESERVED
+CVE-2022-45480
+       RESERVED
+CVE-2022-45479
+       RESERVED
+CVE-2022-45478
+       RESERVED
+CVE-2022-45477
+       RESERVED
+CVE-2022-45476
+       RESERVED
+CVE-2022-45475
+       RESERVED
+CVE-2022-4063
+       RESERVED
+CVE-2022-4062
+       RESERVED
 CVE-2022-45474 (drachtio-server 0.8.18 has a request-handler.cpp event_cb 
use-after-fr ...)
        NOT-FOR-US: drachtio-server
 CVE-2022-45473 (In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and 
drachti ...)
@@ -42,8 +64,8 @@ CVE-2022-45463
        RESERVED
 CVE-2022-4056
        RESERVED
-CVE-2022-4055
-       RESERVED
+CVE-2022-4055 (When xdg-mail is configured to use thunderbird for mailto URLs, 
improp ...)
+       TODO: check
 CVE-2022-4054
        RESERVED
 CVE-2022-45462
@@ -659,8 +681,8 @@ CVE-2022-45371
        RESERVED
 CVE-2022-45370
        RESERVED
-CVE-2022-45369
-       RESERVED
+CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in 
Plugin for  ...)
+       TODO: check
 CVE-2022-45368
        RESERVED
 CVE-2022-45367
@@ -1158,8 +1180,8 @@ CVE-2022-45165
        RESERVED
 CVE-2022-45164
        RESERVED
-CVE-2022-45163
-       RESERVED
+CVE-2022-45163 (An information-disclosure vulnerability exists on select NXP 
devices w ...)
+       TODO: check
 CVE-2022-45162
        RESERVED
 CVE-2022-45161
@@ -1307,8 +1329,8 @@ CVE-2022-45134
        RESERVED
 CVE-2022-45133
        RESERVED
-CVE-2022-45132
-       RESERVED
+CVE-2022-45132 (In Linaro Automated Validation Architecture (LAVA) before 
2022.11.1, r ...)
+       TODO: check
 CVE-2022-45131
        RESERVED
 CVE-2022-45130 (Plesk Obsidian allows a CSRF attack, e.g., via the 
/api/v2/cli/command ...)
@@ -1393,8 +1415,8 @@ CVE-2022-45084
        RESERVED
 CVE-2022-45083
        RESERVED
-CVE-2022-45082
-       RESERVED
+CVE-2022-45082 (Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) 
vulnerabilit ...)
+       TODO: check
 CVE-2022-45081
        RESERVED
 CVE-2022-45080
@@ -1411,8 +1433,8 @@ CVE-2022-45075
        RESERVED
 CVE-2022-45074
        RESERVED
-CVE-2022-45073
-       RESERVED
+CVE-2022-45073 (Cross-Site Request Forgery (CSRF) vulnerability in REST API 
Authentica ...)
+       TODO: check
 CVE-2022-45072 (Cross-Site Request Forgery (CSRF) vulnerability in WPML 
Multilingual C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45071 (Cross-Site Request Forgery (CSRF) vulnerability in WPML 
Multilingual C ...)
@@ -2246,8 +2268,8 @@ CVE-2022-44742
        RESERVED
 CVE-2022-44741 (Cross-Site Request Forgery (CSRF) vulnerability leading to 
Cross-Site  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-44740
-       RESERVED
+CVE-2022-44740 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in 
Creative ...)
+       TODO: check
 CVE-2022-44739
        RESERVED
 CVE-2022-44738
@@ -3528,8 +3550,8 @@ CVE-2022-44643
        RESERVED
 CVE-2022-44642
        RESERVED
-CVE-2022-44641
-       RESERVED
+CVE-2022-44641 (In Linaro Automated Validation Architecture (LAVA) before 
2022.11, use ...)
+       TODO: check
 CVE-2022-44640 [Invalid free in ASN.1 codec]
        RESERVED
        - heimdal <unfixed> (bug #1024187)
@@ -3560,8 +3582,8 @@ CVE-2021-46853 (Alpine before 2.25 allows remote 
attackers to cause a denial of
        NOTE: 
https://repo.or.cz/alpine.git/commitdiff/e58edb33f71687cb0b12c10a6cea2db2f8a35011
 (v2.25)
 CVE-2022-44635
        RESERVED
-CVE-2022-44634
-       RESERVED
+CVE-2022-44634 (Auth. (admin+) Arbitrary File Read vulnerability in S2W 
&#8211; Import ...)
+       TODO: check
 CVE-2022-44633
        RESERVED
 CVE-2022-44632
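Review bot: The CVE-2022-44634 description added in this hunk carries a raw HTML entity ("S2W &#8211; Import ..."), and other descriptions in this update show "&lt;" the same way. A plain-text search of data/CVE/list for the product name or for "<=" will not match these lines; decoding entities in the import step would keep the descriptions searchable.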
@@ -3824,10 +3846,10 @@ CVE-2022-44586 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) in Ayoub Media
        NOT-FOR-US: Ayoub Media
 CVE-2022-44585
        RESERVED
-CVE-2022-44584
-       RESERVED
-CVE-2022-44583
-       RESERVED
+CVE-2022-44584 (Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ 
plugin & ...)
+       TODO: check
+CVE-2022-44583 (Unauth. Arbitrary File Download vulnerability in WatchTowerHQ 
plugin & ...)
+       TODO: check
 CVE-2022-44582
        RESERVED
 CVE-2022-44581
@@ -7711,8 +7733,8 @@ CVE-2022-43675
        RESERVED
 CVE-2022-43674
        RESERVED
-CVE-2022-43673
-       RESERVED
+CVE-2022-43673 (Wire through 3.22.3993 on Windows advertises deletion of sent 
messages ...)
+       TODO: check
 CVE-2022-43672 (Zoho ManageEngine Password Manager Pro before 12122, PAM360 
before 571 ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-43671 (Zoho ManageEngine Password Manager Pro before 12122, PAM360 
before 571 ...)
@@ -8147,8 +8169,8 @@ CVE-2022-43513
        RESERVED
 CVE-2022-43499
        RESERVED
-CVE-2022-43492
-       RESERVED
+CVE-2022-43492 (Auth. (subscriber+) Insecure Direct Object References (IDOR) 
vulnerabi ...)
+       TODO: check
 CVE-2022-43491 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced 
Dynamic Pr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-43490
@@ -8201,18 +8223,18 @@ CVE-2022-42888
        RESERVED
 CVE-2022-42884
        RESERVED
-CVE-2022-42883
-       RESERVED
+CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by 
Quiz And  ...)
+       TODO: check
 CVE-2022-42882
        RESERVED
 CVE-2022-42880
        RESERVED
 CVE-2022-42699
        RESERVED
-CVE-2022-42698
-       RESERVED
-CVE-2022-42497
-       RESERVED
+CVE-2022-42698 (Unauth. Arbitrary File Upload vulnerability in WordPress 
Api2Cart Brid ...)
+       TODO: check
+CVE-2022-42497 (Arbitrary Code Execution vulnerability in Api2Cart Bridge 
Connector pl ...)
+       TODO: check
 CVE-2022-42494 (Server Side Request Forgery (SSRF) vulnerability in All in One 
SEO Pro ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-42485
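Review bot: CVE-2022-42698 and CVE-2022-42497 are left at "TODO: check", yet both name the Api2Cart Bridge Connector, which the first description places under WordPress, and the next plugin entry in this hunk (CVE-2022-42494) is already "NOT-FOR-US: WordPress plugin". If the full descriptions confirm they are WordPress plugin issues, resolve both TODOs with the same marking.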
@@ -8225,8 +8247,8 @@ CVE-2022-42461 (Broken Access Control vulnerability in 
miniOrange's Google Authe
        NOT-FOR-US: WordPress plugin
 CVE-2022-42460 (Broken Access Control vulnerability leading to Stored 
Cross-Site Scrip ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-42459
-       RESERVED
+CVE-2022-42459 (Auth. WordPress Options Change vulnerability in Image Hover 
Effects Ul ...)
+       TODO: check
 CVE-2022-41996 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion 
Avada p ...)
        NOT-FOR-US: WordPress theme
 CVE-2022-41995
@@ -8243,8 +8265,8 @@ CVE-2022-41978 (Auth. (subscriber+) Arbitrary Options 
Update vulnerability in Zo
        NOT-FOR-US: WordPress plugin
 CVE-2022-41840 (Unauth. Directory Traversal vulnerability in Welcart eCommerce 
plugin  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-41839
-       RESERVED
+CVE-2022-41839 (Broken Access Control vulnerability in WordPress LoginPress 
plugin &lt ...)
+       TODO: check
 CVE-2022-41831
        RESERVED
 CVE-2022-41805 (Cross-Site Request Forgery (CSRF) vulnerability in Booster for 
WooComm ...)
@@ -8253,8 +8275,8 @@ CVE-2022-41791 (Auth. (subscriber+) CSV Injection 
vulnerability in ProfileGrid p
        NOT-FOR-US: WordPress plugin
 CVE-2022-41790
        RESERVED
-CVE-2022-41788
-       RESERVED
+CVE-2022-41788 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability 
in Soleda ...)
+       TODO: check
 CVE-2022-41786
        RESERVED
 CVE-2022-41785
@@ -8267,8 +8289,8 @@ CVE-2022-41695
        RESERVED
 CVE-2022-41692 (Missing Authorization vulnerability in Appointment Hour 
Booking plugin ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-41685
-       RESERVED
+CVE-2022-41685 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in 
Viszt P& ...)
+       TODO: check
 CVE-2022-41652 (Bypass vulnerability in Quiz And Survey Master plugin &lt;= 
7.3.10 on  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41619
@@ -8277,12 +8299,12 @@ CVE-2022-41554
        RESERVED
 CVE-2022-40968
        RESERVED
-CVE-2022-40963
-       RESERVED
-CVE-2022-40698
-       RESERVED
-CVE-2022-40695
-       RESERVED
+CVE-2022-40963 (Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) 
vulnerabili ...)
+       TODO: check
+CVE-2022-40698 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability 
in Quiz A ...)
+       TODO: check
+CVE-2022-40695 (Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO 
Redirectio ...)
+       TODO: check
 CVE-2022-40692
        RESERVED
 CVE-2022-40687 (Cross-Site Request Forgery (CSRF) vulnerability in Creative 
Mail plugi ...)
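Review bot: The CVE-2022-40695 line added here reads "Multiple Cross-Site Scripting (CSRF) vulnerabilities", so the spelled-out class and the acronym disagree. The text is the imported description and should stay as imported, but when its "TODO: check" is resolved, confirm from the advisory whether the issue is XSS or CSRF rather than relying on this summary.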
@@ -8301,7 +8323,7 @@ CVE-2022-38075 (Cross-Site Request Forgery (CSRF) 
vulnerability leading to Store
        NOT-FOR-US: WordPress plugin
 CVE-2022-3648
        RESERVED
-CVE-2022-3647 (A vulnerability, which was classified as problematic, was found 
in Red ...)
+CVE-2022-3647 (** DISPUTED ** A vulnerability, which was classified as 
problematic, w ...)
        - redis <unfixed> (unimportant)
        NOTE: 
https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3
        NOTE: Crash inside the crash report when redis already crashed due to 
calling an invalid
@@ -9991,8 +10013,8 @@ CVE-2022-42907
 CVE-2022-42905 (In wolfSSL before 5.5.2, if callback functions are enabled 
(via the WO ...)
        - wolfssl 5.5.3-1
        NOTE: Fixed in 5.5.2 
(https://www.wolfssl.com/docs/security-vulnerabilities/)
-CVE-2022-42904
-       RESERVED
+CVE-2022-42904 (Zoho ManageEngine ADManager Plus through 7151 allows 
authenticated adm ...)
+       TODO: check
 CVE-2022-42903 (Zoho ManageEngine SupportCenter Plus through 11024 allows 
low-privileg ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-42902 (In Linaro Automated Validation Architecture (LAVA) before 
2022.10, the ...)
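Review bot: CVE-2022-42904 is left at "TODO: check" although its description starts "Zoho ManageEngine ADManager Plus" and the entry directly below it, CVE-2022-42903, is already "NOT-FOR-US: Zoho ManageEngine". Unless ADManager Plus is handled differently from the other ManageEngine products, the same marking applies here.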
@@ -12292,10 +12314,10 @@ CVE-2022-41941
        RESERVED
 CVE-2022-41940
        RESERVED
-CVE-2022-41939
-       RESERVED
-CVE-2022-41938
-       RESERVED
+CVE-2022-41939 (knative.dev/func is is a client library and CLI enabling the 
developme ...)
+       TODO: check
+CVE-2022-41938 (Flarum is an open source discussion platform. Flarum's page 
title syst ...)
+       TODO: check
 CVE-2022-41937
        RESERVED
 CVE-2022-41936
@@ -12350,16 +12372,16 @@ CVE-2022-41913 (Discourse-calendar is a plugin for 
the Discourse messaging platf
        NOT-FOR-US: Discourse plugin
 CVE-2022-41912
        RESERVED
-CVE-2022-41911
-       RESERVED
+CVE-2022-41911 (TensorFlow is an open source platform for machine learning. 
When print ...)
+       TODO: check
 CVE-2022-41910
        RESERVED
-CVE-2022-41909
-       RESERVED
-CVE-2022-41908
-       RESERVED
-CVE-2022-41907
-       RESERVED
+CVE-2022-41909 (TensorFlow is an open source platform for machine learning. An 
input ` ...)
+       TODO: check
+CVE-2022-41908 (TensorFlow is an open source platform for machine learning. An 
input ` ...)
+       TODO: check
+CVE-2022-41907 (TensorFlow is an open source platform for machine learning. 
When `tf.r ...)
+       TODO: check
 CVE-2022-41906 (OpenSearch Notifications is a notifications plugin for 
OpenSearch that ...)
        NOT-FOR-US: OpenSearch plugin
 CVE-2022-41905 (WsgiDAV is a generic and extendable WebDAV server based on 
WSGI. Imple ...)
@@ -12370,44 +12392,44 @@ CVE-2022-41903
        RESERVED
 CVE-2022-41902
        RESERVED
-CVE-2022-41901
-       RESERVED
-CVE-2022-41900
-       RESERVED
-CVE-2022-41899
-       RESERVED
-CVE-2022-41898
-       RESERVED
-CVE-2022-41897
-       RESERVED
-CVE-2022-41896
-       RESERVED
-CVE-2022-41895
-       RESERVED
-CVE-2022-41894
-       RESERVED
-CVE-2022-41893
-       RESERVED
+CVE-2022-41901 (TensorFlow is an open source platform for machine learning. An 
input ` ...)
+       TODO: check
+CVE-2022-41900 (TensorFlow is an open source platform for machine learning. 
The securi ...)
+       TODO: check
+CVE-2022-41899 (TensorFlow is an open source platform for machine learning. 
Inputs `de ...)
+       TODO: check
+CVE-2022-41898 (TensorFlow is an open source platform for machine learning. If 
`Sparse ...)
+       TODO: check
+CVE-2022-41897 (TensorFlow is an open source platform for machine learning. If 
`Fracti ...)
+       TODO: check
+CVE-2022-41896 (TensorFlow is an open source platform for machine learning. If 
`Thread ...)
+       TODO: check
+CVE-2022-41895 (TensorFlow is an open source platform for machine learning. If 
`Mirror ...)
+       TODO: check
+CVE-2022-41894 (TensorFlow is an open source platform for machine learning. 
The refere ...)
+       TODO: check
+CVE-2022-41893 (TensorFlow is an open source platform for machine learning. If 
`tf.raw ...)
+       TODO: check
 CVE-2022-41892 (Arches is a web platform for creating, managing, &amp; 
visualizing geo ...)
        NOT-FOR-US: Arches
-CVE-2022-41891
-       RESERVED
-CVE-2022-41890
-       RESERVED
-CVE-2022-41889
-       RESERVED
-CVE-2022-41888
-       RESERVED
-CVE-2022-41887
-       RESERVED
-CVE-2022-41886
-       RESERVED
-CVE-2022-41885
-       RESERVED
-CVE-2022-41884
-       RESERVED
-CVE-2022-41883
-       RESERVED
+CVE-2022-41891 (TensorFlow is an open source platform for machine learning. If 
`tf.raw ...)
+       TODO: check
+CVE-2022-41890 (TensorFlow is an open source platform for machine learning. If 
`BCast: ...)
+       TODO: check
+CVE-2022-41889 (TensorFlow is an open source platform for machine learning. If 
a list  ...)
+       TODO: check
+CVE-2022-41888 (TensorFlow is an open source platform for machine learning. 
When runni ...)
+       TODO: check
+CVE-2022-41887 (TensorFlow is an open source platform for machine learning. 
`tf.keras. ...)
+       TODO: check
+CVE-2022-41886 (TensorFlow is an open source platform for machine learning. 
When `tf.r ...)
+       TODO: check
+CVE-2022-41885 (TensorFlow is an open source platform for machine learning. 
When `tf.r ...)
+       TODO: check
+CVE-2022-41884 (TensorFlow is an open source platform for machine learning. If 
a numpy ...)
+       TODO: check
+CVE-2022-41883 (TensorFlow is an open source platform for machine learning. 
When ops t ...)
+       TODO: check
 CVE-2022-41882 (The Nextcloud Desktop Client is a tool to synchronize files 
from Nextc ...)
        - nextcloud-desktop 3.6.1-1
        NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63
@@ -12416,8 +12438,8 @@ CVE-2022-41882 (The Nextcloud Desktop Client is a tool 
to synchronize files from
        TODO: check details, is owncloud-client similarly affected?
 CVE-2022-41881
        RESERVED
-CVE-2022-41880
-       RESERVED
+CVE-2022-41880 (TensorFlow is an open source platform for machine learning. 
When the ` ...)
+       TODO: check
 CVE-2022-41879 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Node parse-server
 CVE-2022-41878 (Parse Server is an open source backend that can be deployed to 
any inf ...)
@@ -13020,38 +13042,38 @@ CVE-2022-41660 (A vulnerability has been identified 
in JT2Go (All versions &lt;
        NOT-FOR-US: Siemens
 CVE-2022-41656
        RESERVED
-CVE-2022-41655
-       RESERVED
+CVE-2022-41655 (Auth. (subscriber+) Sensitive Data Exposure vulnerability in 
Phone Ord ...)
+       TODO: check
 CVE-2022-41650
        RESERVED
 CVE-2022-41647
        RESERVED
-CVE-2022-41643
-       RESERVED
+CVE-2022-41643 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Acce ...)
+       TODO: check
 CVE-2022-41640
        RESERVED
 CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop 
plugin &lt ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41635
        RESERVED
-CVE-2022-41634
-       RESERVED
+CVE-2022-41634 (Cross-Site Request Forgery (CSRF) vulnerability in Media 
Library Folde ...)
+       TODO: check
 CVE-2022-41633
        RESERVED
 CVE-2022-41623 (Sensitive Data Exposure in Villatheme ALD - AliExpress 
Dropshipping an ...)
        NOT-FOR-US: Villatheme ALD
 CVE-2022-41620
        RESERVED
-CVE-2022-41618
-       RESERVED
+CVE-2022-41618 (Unauthenticated Error Log Disclosure vulnerability in Media 
Library As ...)
+       TODO: check
 CVE-2022-41616
        RESERVED
-CVE-2022-41615
-       RESERVED
+CVE-2022-41615 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery 
(CSRF) vulne ...)
+       TODO: check
 CVE-2022-41612
        RESERVED
-CVE-2022-41609
-       RESERVED
+CVE-2022-41609 (Auth. (subscriber+) Server-Side Request Forgery (SSRF) 
vulnerability i ...)
+       TODO: check
 CVE-2022-41608
        RESERVED
 CVE-2022-41606 (HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 
1.3.5 job ...)
@@ -13133,12 +13155,12 @@ CVE-2022-41569
        RESERVED
 CVE-2022-41315 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic 
plugin  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-41155
-       RESERVED
+CVE-2022-41155 (Block BYPASS vulnerability in iQ Block Country plugin &lt;= 
1.2.18 on  ...)
+       TODO: check
 CVE-2022-41136 (Cross-Site Request Forgery (CSRF) vulnerability leading to 
Stored Cros ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-41135
-       RESERVED
+CVE-2022-41135 (Unauth. Plugin Settings Change vulnerability in Modula plugin 
&lt;= 2. ...)
+       TODO: check
 CVE-2022-41134
        RESERVED
 CVE-2022-41132 (Unauthenticated Plugin Settings Change Leading To Stored XSS 
Vulnerabi ...)
@@ -13161,16 +13183,16 @@ CVE-2022-40311 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) in Fatcat Apps
        NOT-FOR-US: WordPress plugin
 CVE-2022-40218
        RESERVED
-CVE-2022-40216
-       RESERVED
+CVE-2022-40216 (Auth. (subscriber+) Messaging Block Bypass vulnerability in 
Better Mes ...)
+       TODO: check
 CVE-2022-40209
        RESERVED
 CVE-2022-40203
        RESERVED
 CVE-2022-40192 (Cross-Site Request Forgery (CSRF) vulnerability in wpForo 
Forum plugin ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-40130
-       RESERVED
+CVE-2022-40130 (Auth. (subscriber+) Race Condition vulnerability in WP-Polls 
plugin &l ...)
+       TODO: check
 CVE-2022-40128 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced 
Order Expo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-39044
@@ -19893,8 +19915,8 @@ CVE-2022-38873
        RESERVED
 CVE-2022-38872
        RESERVED
-CVE-2022-38871
-       RESERVED
+CVE-2022-38871 (In Free5gc v3.0.5, the AMF breaks due to malformed NAS 
messages. ...)
+       TODO: check
 CVE-2022-38870 (Free5gc v3.2.1 is vulnerable to Information disclosure. ...)
        NOT-FOR-US: free5GC
 CVE-2022-38869
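Review bot: CVE-2022-38871 gets "TODO: check" while the description names Free5gc v3.0.5 and the next entry, CVE-2022-38870, is already "NOT-FOR-US: free5GC". Suggest resolving this one with the same NOT-FOR-US line so the two Free5gc entries stay consistent.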
@@ -21455,8 +21477,8 @@ CVE-2022-2885 (Cross-site Scripting (XSS) - Stored in 
GitHub repository yetiforc
        NOT-FOR-US: yetiforcecrm
 CVE-2022-38396
        RESERVED
-CVE-2022-38395
-       RESERVED
+CVE-2022-38395 (HP Support Assistant uses HP Performance Tune-up as a 
diagnostic tool. ...)
+       TODO: check
 CVE-2022-38393
        RESERVED
 CVE-2022-2884 (A vulnerability in GitLab CE/EE affecting all versions from 
11.3.4 pri ...)
@@ -22216,8 +22238,8 @@ CVE-2022-38171 (Xpdf prior to version 4.04 contains an 
integer overflow in the J
        NOT-FOR-US: xpdf (relevant issue for Poppler tracked as CVE-2022-38784)
        NOTE: This is CVE-2021-30860 in Apple CoreGraphics and CVE-2022-38171 
in xpdf
        NOTE: https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6
-CVE-2022-2794
-       RESERVED
+CVE-2022-2794 (Certain HP PageWide Pro Printers may be vulnerable to a 
potential deni ...)
+       TODO: check
 CVE-2022-2793 (Emerson Electric's Proficy Machine Edition Version 9.00 and 
prior is v ...)
        NOT-FOR-US: Emerson
 CVE-2022-2792 (Emerson Electric's Proficy Machine Edition Version 9.00 and 
prior is v ...)
@@ -24803,8 +24825,8 @@ CVE-2022-37199 (JFinal CMS 5.1.0 is vulnerable to SQL 
Injection via /jfinal_cms/
        NOT-FOR-US: JFinal CMS
 CVE-2022-37198
        RESERVED
-CVE-2022-37197
-       RESERVED
+CVE-2022-37197 (IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. 
...)
+       TODO: check
 CVE-2022-37196
        RESERVED
 CVE-2022-37195
@@ -31129,8 +31151,8 @@ CVE-2022-34829 (Zoho ManageEngine ADSelfService Plus 
before 6203 allows a denial
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-34828
        RESERVED
-CVE-2022-34827
-       RESERVED
+CVE-2022-34827 (Carel Boss Mini 1.5.0 has Improper Access Control. ...)
+       TODO: check
 CVE-2022-34826 (In Couchbase Server 7.1.x before 7.1.1, an encrypted Private 
Key passp ...)
        NOT-FOR-US: Couchbase Server
 CVE-2022-34825 (Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for 
Windows and e ...)
@@ -31579,16 +31601,15 @@ CVE-2022-34669
        RESERVED
 CVE-2022-34668 (NVFLARE, versions prior to 2.1.4, contains a vulnerability 
that deseri ...)
        NOT-FOR-US: NVFLARE
-CVE-2022-34667
-       RESERVED
+CVE-2022-34667 (NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow 
vulnera ...)
        - nvidia-cuda-toolkit <unfixed> (bug #1021625)
        [bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
        [buster] - nvidia-cuda-toolkit <no-dsa> (Minor issue)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5373
 CVE-2022-34666 (NVIDIA GPU Display Driver for Windows and Linux contains a 
vulnerabili ...)
        TODO: check
-CVE-2022-34665
-       RESERVED
+CVE-2022-34665 (NVIDIA GPU Display Driver for Windows and Linux contains a 
vulnerabili ...)
+       TODO: check
 CVE-2022-34664
        RESERVED
 CVE-2022-34663 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
@@ -39554,8 +39575,8 @@ CVE-2022-31696
        RESERVED
 CVE-2022-31695
        RESERVED
-CVE-2022-31694
-       RESERVED
+CVE-2022-31694 (InstallBuilder Qt installers built with versions previous to 
22.10 try ...)
+       TODO: check
 CVE-2022-31693
        RESERVED
 CVE-2022-31692 (Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 
5.6.9 co ...)
@@ -39845,12 +39866,11 @@ CVE-2022-1877
        RESERVED
 CVE-2022-31618 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
        NOT-FOR-US: NVIDIA
-CVE-2022-31617
-       RESERVED
-CVE-2022-31616
-       RESERVED
-CVE-2022-31615
-       RESERVED
+CVE-2022-31617 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
+CVE-2022-31616 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
+CVE-2022-31615 (NVIDIA GPU Display Driver for Linux contains a vulnerability 
in the ke ...)
        - nvidia-graphics-drivers 470.141.03-1 (bug #1016614)
        [bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1
        [buster] - nvidia-graphics-drivers <ignored> (Non-free not supported)
@@ -39871,18 +39891,17 @@ CVE-2022-31615
        - nvidia-graphics-drivers-tesla-510 510.85.02-1 (bug #1016621)
 CVE-2022-31614 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
        NOT-FOR-US: NVIDIA
-CVE-2022-31613
-       RESERVED
-CVE-2022-31612
-       RESERVED
+CVE-2022-31613 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
+CVE-2022-31612 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
 CVE-2022-31611
        RESERVED
-CVE-2022-31610
-       RESERVED
+CVE-2022-31610 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
 CVE-2022-31609 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
        NOT-FOR-US: NVIDIA
-CVE-2022-31608
-       RESERVED
+CVE-2022-31608 (NVIDIA GPU Display Driver for Linux contains a vulnerability 
in an opt ...)
        - nvidia-graphics-drivers 470.141.03-1 (bug #1016614)
        [bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1
        [buster] - nvidia-graphics-drivers <ignored> (Non-free not supported)
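Review bot: CVE-2022-31613, CVE-2022-31612 and CVE-2022-31610 are described as "NVIDIA GPU Display Driver for Windows" and are left at "TODO: check", while the Linux entry CVE-2022-31608 in the same hunk keeps its nvidia-graphics-drivers package lines. When these TODOs are triaged, do not copy that package list across; if the full descriptions confirm the issues are Windows only, they need an explicit decision of their own.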
@@ -39901,8 +39920,7 @@ CVE-2022-31608
        - nvidia-graphics-drivers-tesla-470 470.141.03-1 (bug #1016620)
        [bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1
        - nvidia-graphics-drivers-tesla-510 510.85.02-1 (bug #1016621)
-CVE-2022-31607
-       RESERVED
+CVE-2022-31607 (NVIDIA GPU Display Driver for Linux contains a vulnerability 
in the ke ...)
        - nvidia-graphics-drivers 470.141.03-1 (bug #1016614)
        [bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1
        [buster] - nvidia-graphics-drivers <ignored> (Non-free not supported)
@@ -39921,8 +39939,8 @@ CVE-2022-31607
        - nvidia-graphics-drivers-tesla-470 470.141.03-1 (bug #1016620)
        [bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1
        - nvidia-graphics-drivers-tesla-510 510.85.02-1 (bug #1016621)
-CVE-2022-31606
-       RESERVED
+CVE-2022-31606 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
 CVE-2022-31605 (NVFLARE, versions prior to 2.1.2, contains a vulnerability in 
its util ...)
        NOT-FOR-US: NVFLARE
 CVE-2022-31604 (NVFLARE, versions prior to 2.1.2, contains a vulnerability in 
its PKI  ...)
@@ -43938,8 +43956,8 @@ CVE-2022-30258
        RESERVED
 CVE-2022-30257
        RESERVED
-CVE-2022-30256
-       RESERVED
+CVE-2022-30256 (An issue was discovered in MaraDNS Deadwood through 3.5.0021 
that allo ...)
+       TODO: check
 CVE-2022-30255
        RESERVED
 CVE-2022-30254
@@ -95877,8 +95895,8 @@ CVE-2021-37938 (It was discovered that on Windows 
operating systems specifically
        - kibana <itp> (bug #700337)
 CVE-2021-37937
        RESERVED
-CVE-2021-37936
-       RESERVED
+CVE-2021-37936 (It was discovered that Kibana was not sanitizing document 
fields conta ...)
+       TODO: check
 CVE-2021-37935 (An information disclosure vulnerability in the login page of 
Huntflow  ...)
        NOT-FOR-US: Huntflow Enterprise
 CVE-2021-37934 (Due to insufficient server-side login-attempt limit 
enforcement, a vul ...)
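Review bot: CVE-2021-37936 gets "TODO: check", but its description names Kibana and the Kibana entry at the top of this hunk carries "- kibana <itp> (bug #700337)". Suggest replacing the TODO with the same <itp> line so this entry is tracked like the other Kibana CVEs.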
@@ -106248,7 +106266,7 @@ CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, 
and SingularityPRO before 3.
        - singularity-container 3.9.5+ds1-2 (bug #990201)
        NOTE: 
https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-
 CVE-2021-33621
-       RESERVED
+       REJECTED
 CVE-2021-33619
        RESERVED
 CVE-2021-33618 (Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as 
demonstr ...)
@@ -111393,8 +111411,8 @@ CVE-2021-31741
        RESERVED
 CVE-2021-31740
        RESERVED
-CVE-2021-31739
-       RESERVED
+CVE-2021-31739 (The SEPPmail solution is vulnerable to a Cross-Site Scripting 
vulnerab ...)
+       TODO: check
 CVE-2021-31738 (Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. ...)
        NOT-FOR-US: Adiscon LogAnalyzer
 CVE-2021-31737 (emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution 
vulnerabili ...)
@@ -133885,7 +133903,7 @@ CVE-2021-22718 (A CWE-22: Improper Limitation of a 
Pathname to a Restricted Dire
        NOT-FOR-US: Schneider Electric
 CVE-2021-22717 (A CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory  ...)
        NOT-FOR-US: Schneider Electric
-CVE-2021-22716 (A CWE-269: Improper Privilege Management vulnerability exists 
in C-Bus ...)
+CVE-2021-22716 (A CWE-732: Incorrect Permission Assignment for Critical 
Resource vulne ...)
        NOT-FOR-US: Schneider Electric
 CVE-2021-22715
        RESERVED
@@ -135300,8 +135318,7 @@ CVE-2021-22143
 CVE-2021-22142
        RESERVED
        - kibana <itp> (bug #700337)
-CVE-2021-22141
-       RESERVED
+CVE-2021-22141 (An open redirect flaw was found in Kibana versions before 
7.13.0 and 6 ...)
        - kibana <itp> (bug #700337)
 CVE-2021-22140 (Elastic App Search versions after 7.11.0 and before 7.12.0 
contain an  ...)
        NOT-FOR-US: Elastic App Search web crawler



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3de58829b03a7a9b325a0cbb6103351b877debba
