Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4a8d6d5a by security tracker role at 2022-11-24T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2022-45883
+ RESERVED
+CVE-2022-45877
+ RESERVED
+CVE-2022-45875
+ RESERVED
+CVE-2022-45874
+ RESERVED
+CVE-2022-45126
+ RESERVED
+CVE-2022-45118
+ RESERVED
+CVE-2022-44455
+ RESERVED
+CVE-2022-43662
+ RESERVED
+CVE-2022-41802
+ RESERVED
+CVE-2022-4138
+ RESERVED
+CVE-2022-4137
+ RESERVED
CVE-2022-45873 (systemd 250 and 251 allows local users to achieve a
systemd-coredump d ...)
- systemd 252-1
[bullseye] - systemd <not-affected> (Vulnerable code introduced later)
@@ -21,8 +43,8 @@ CVE-2022-45867
RESERVED
CVE-2022-45866 (qpress before PierreLvx/qpress 20220819 and before version
11.3, as us ...)
NOT-FOR-US: qpress
-CVE-2022-4136
- RESERVED
+CVE-2022-4136 (Dangerous method exposed which can lead to RCE in
qmpass/leadshop v1.4 ...)
+ TODO: check
CVE-2022-4135
RESERVED
CVE-2022-4134
@@ -910,12 +932,12 @@ CVE-2022-44608
RESERVED
CVE-2022-4091
RESERVED
-CVE-2022-4090
- RESERVED
-CVE-2022-4089
- RESERVED
-CVE-2022-4088
- RESERVED
+CVE-2022-4090 (A vulnerability was found in rickxy Stock Management System and
classi ...)
+ TODO: check
+CVE-2022-4089 (A vulnerability was found in rickxy Stock Management System. It
has be ...)
+ TODO: check
+CVE-2022-4088 (A vulnerability was found in rickxy Stock Management System and
classi ...)
+ TODO: check
CVE-2022-4087 (A vulnerability was found in iPXE. It has been declared as
problematic ...)
- ipxe <not-affected> (Vulnerable code not present)
NOTE: Introduced by:
https://github.com/ipxe/ipxe/commit/634a86093af9a6d134be8662f25616f4edfec683
@@ -13972,6 +13994,7 @@ CVE-2022-3354 (A vulnerability has been found in
Open5GS up to 2.4.10 and classi
CVE-2022-3353
RESERVED
CVE-2022-3352 (Use After Free in GitHub repository vim/vim prior to 9.0.0614.
...)
+ {DLA-3204-1}
- vim 2:9.0.0626-1 (unimportant)
NOTE: https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60
NOTE:
https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15
(v9.0.0614)
@@ -15157,6 +15180,7 @@ CVE-2022-3258 (Incorrect Permission Assignment for
Critical Resource vulnerabili
CVE-2022-3257 (Mattermost version 7.1.x and earlier fails to sufficiently
process a s ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-3256 (Use After Free in GitHub repository vim/vim prior to 9.0.0530.
...)
+ {DLA-3204-1}
- vim 2:9.0.0626-1 (unimportant)
NOTE: https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3
NOTE:
https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad
(v9.0.0530)
@@ -15749,10 +15773,10 @@ CVE-2022-40979 (In JetBrains TeamCity before
2022.04.4 environmental variables o
NOT-FOR-US: JetBrains TeamCity
CVE-2022-40978 (The installer of JetBrains IntelliJ IDEA before 2022.2.2 was
vulnerabl ...)
NOT-FOR-US: installer of JetBrains IntelliJ IDEA
-CVE-2022-40977
- RESERVED
-CVE-2022-40976
- RESERVED
+CVE-2022-40977 (A path traversal vulnerability was discovered in Pilz PASvisu
Server b ...)
+ TODO: check
+CVE-2022-40976 (A path traversal vulnerability was discovered in multiple Pilz
product ...)
+ TODO: check
CVE-2022-40969
RESERVED
CVE-2022-40962
@@ -16234,6 +16258,7 @@ CVE-2022-3236 (A code injection vulnerability in the
User Portal and Webadmin al
CVE-2022-40763
RESERVED
CVE-2022-3235 (Use After Free in GitHub repository vim/vim prior to 9.0.0490.
...)
+ {DLA-3204-1}
- vim 2:9.0.0626-1 (unimportant)
NOTE: https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af
NOTE:
https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0
(v9.0.0490)
@@ -17479,8 +17504,8 @@ CVE-2022-40268
RESERVED
CVE-2022-40267
RESERVED
-CVE-2022-40266
- RESERVED
+CVE-2022-40266 (Improper Input Validation vulnerability in Mitsubishi Electric
GOT2000 ...)
+ TODO: check
CVE-2022-40265
RESERVED
CVE-2022-40264
@@ -25229,8 +25254,8 @@ CVE-2022-2652 (Depending on the way the format strings
in the card label are cra
NOTE: Negligible security impact
CVE-2022-2651 (Authentication Bypass by Primary Weakness in GitHub repository
bookwyr ...)
NOT-FOR-US: BookWyrm
-CVE-2022-2650
- RESERVED
+CVE-2022-2650 (Improper Restriction of Excessive Authentication Attempts in
GitHub re ...)
+ TODO: check
CVE-2022-2649
RESERVED
CVE-2022-2648 (A vulnerability was found in SourceCodester Multi Language
Hotel Manag ...)
@@ -34544,6 +34569,7 @@ CVE-2022-33980 (Apache Commons Configuration performs
variable interpolation, al
[buster] - commons-configuration2 <not-affected> (Vulnerable code
introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/5
CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
...)
+ {DLA-3204-1}
- vim 2:9.0.0135-1 (bug #1015984)
[stretch] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352
@@ -38308,6 +38334,7 @@ CVE-2022-30532 (In affected versions of Octopus Deploy,
there is no logging of c
CVE-2022-29890 (In affected versions of Octopus Server the help sidebar can be
customi ...)
NOT-FOR-US: Octopus Server
CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
...)
+ {DLA-3204-1}
- vim 2:9.0.0135-1 (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
@@ -40109,6 +40136,7 @@ CVE-2022-1943 (A flaw out of bounds memory write in the
Linux kernel UDF file sy
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2086412
NOTE: Fixed by:
https://git.kernel.org/linus/c1ad35dd0548ce947d97aaf92f7f2f9a202951cf (5.18-rc7)
CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 8.2. ...)
+ {DLA-3204-1}
- vim 2:9.0.0135-1 (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
@@ -40522,6 +40550,7 @@ CVE-2022-1898 (Use After Free in GitHub repository
vim/vim prior to 8.2. ...)
NOTE:
https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a
(v8.2.5024)
NOTE: Crash in CLI tool, no security impact
CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
...)
+ {DLA-3204-1}
- vim 2:9.0.0135-1 (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[stretch] - vim <postponed> (Minor issue)
@@ -42697,6 +42726,7 @@ CVE-2022-1786 (A use-after-free flaw was found in the
Linux kernel’s io_ur
NOTE: https://www.openwall.com/lists/oss-security/2022/05/28/1
NOTE: https://blog.kylebot.net/2022/10/16/CVE-2022-1786/
CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to
8.2.4977. ...)
+ {DLA-3204-1}
- vim 2:9.0.0135-1 (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
@@ -44685,7 +44715,7 @@ CVE-2022-1622 (LibTIFF master branch has an
out-of-bounds read in LZWDecode in l
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
(v4.4.0rc1)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub
repository vim ...)
- {DLA-3011-1}
+ {DLA-3204-1 DLA-3011-1}
- vim 2:9.0.0135-1 (bug #1015984; unimportant)
NOTE: https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb
NOTE:
https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b
(v8.2.4919)
@@ -44703,7 +44733,7 @@ CVE-2022-1620 (NULL Pointer Dereference in function
vim_regexec_string at regexp
NOTE:
https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f
(v8.2.4901)
NOTE: Crash in CLI tool, no security impact
CVE-2022-1619 (Heap-based Buffer Overflow in function cmdline_erase_chars in
GitHub r ...)
- {DLA-3011-1}
+ {DLA-3204-1 DLA-3011-1}
- vim 2:9.0.0135-1 (bug #1015984; unimportant)
NOTE: https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450
NOTE:
https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe
(v8.2.4899)
@@ -54926,8 +54956,8 @@ CVE-2022-0935 (Host Header injection in password Reset
in GitHub repository live
NOT-FOR-US: livehelperchat
CVE-2022-26886
RESERVED
-CVE-2022-26885
- RESERVED
+CVE-2022-26885 (When using tasks to read config files, there is a risk of
database pas ...)
+ TODO: check
CVE-2022-26884 (Users can read any files by log server, Apache
DolphinScheduler users ...)
NOT-FOR-US: Apache DolphinScheduler
CVE-2022-0934 (A single-byte, non-arbitrary write/use-after-free flaw was
found in dn ...)
@@ -59044,6 +59074,7 @@ CVE-2022-0698
CVE-2022-0697 (Open Redirect in GitHub repository archivy/archivy prior to
1.7.0. ...)
NOT-FOR-US: Archivy
CVE-2022-0696 (NULL Pointer Dereference in GitHub repository vim/vim prior to
8.2.442 ...)
+ {DLA-3204-1}
- vim 2:8.2.4659-1 (unimportant)
NOTE: https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f/
NOTE:
https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1
(v8.2.4428)
@@ -59585,6 +59616,7 @@ CVE-2022-0630 (Out-of-bounds Read in Homebrew mruby
prior to 3.2. ...)
NOTE: https://huntr.dev/bounties/f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32
NOTE:
https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior
to 8.2. ...)
+ {DLA-3204-1}
- vim 2:8.2.4659-1 (unimportant)
NOTE: https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/
NOTE:
https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc
(v8.2.4397)
@@ -63513,6 +63545,7 @@ CVE-2022-21798 (The affected product is vulnerable due
to cleartext transmission
CVE-2022-21154 (An integer overflow vulnerability exists in the fltSaveCMP
functionali ...)
NOT-FOR-US: LeadTools
CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to
8.2. ...)
+ {DLA-3204-1}
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[stretch] - vim <not-affected> (vulnerable code was introduced later)
@@ -64947,6 +64980,7 @@ CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to
8.2. ...)
NOTE:
https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9
(v8.2.4154)
NOTE: Crash in CLI tool, no security impact
CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...)
+ {DLA-3204-1}
- vim 2:8.2.4659-1 (bug #1004859; unimportant)
[stretch] - vim <postponed> (Fix introduces a test regression)
NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a8d6d5ad18ac67e7d69575f5a62f7abb4cf5633
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a8d6d5ad18ac67e7d69575f5a62f7abb4cf5633
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
