Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b477634 by security tracker role at 2022-11-25T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2022-45897
+       RESERVED
+CVE-2022-45896
+       RESERVED
+CVE-2022-45895
+       RESERVED
+CVE-2022-45894
+       RESERVED
+CVE-2022-45893
+       RESERVED
+CVE-2022-45892
+       RESERVED
+CVE-2022-45891
+       RESERVED
+CVE-2022-45890
+       RESERVED
+CVE-2022-45889
+       RESERVED
+CVE-2022-45888 (An issue was discovered in the Linux kernel through 6.0.9. 
drivers/cha ...)
+       TODO: check
+CVE-2022-45887 (An issue was discovered in the Linux kernel through 6.0.9. 
drivers/med ...)
+       TODO: check
+CVE-2022-45886 (An issue was discovered in the Linux kernel through 6.0.9. 
drivers/med ...)
+       TODO: check
+CVE-2022-45885 (An issue was discovered in the Linux kernel through 6.0.9. 
drivers/med ...)
+       TODO: check
+CVE-2022-45884 (An issue was discovered in the Linux kernel through 6.0.9. 
drivers/med ...)
+       TODO: check
 CVE-2022-45883
        RESERVED
 CVE-2022-45877
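Review bot: CVE-2022-45884 through CVE-2022-45888 need a `- linux` package line rather than `TODO: check`. All five descriptions name the Linux kernel through 6.0.9 (drivers/ paths), which Debian ships as source package linux, so they cannot be closed as NOT-FOR-US. Triage them together, since the four drivers/med entries are probably related.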
@@ -45,8 +73,8 @@ CVE-2022-45866 (qpress before PierreLvx/qpress 20220819 and 
before version 11.3,
        NOT-FOR-US: qpress
 CVE-2022-4136 (Dangerous method exposed which can lead to RCE in 
qmpass/leadshop v1.4 ...)
        NOT-FOR-US: leadshop
-CVE-2022-4135
-       RESERVED
+CVE-2022-4135 (Heap buffer overflow in GPU in Google Chrome prior to 
107.0.5304.121 a ...)
+       TODO: check
 CVE-2022-4134
        RESERVED
        - glance <unfixed>
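Review bot: CVE-2022-4135 needs a `- chromium` package line in place of `TODO: check`. The new description is a heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121, and Debian ships that code base as chromium. Record the fixed version once the corresponding upload is known.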
@@ -17479,8 +17507,8 @@ CVE-2022-40284 (A buffer overflow was discovered in 
NTFS-3G before 2022.10.3. Cr
        NOTE: 
https://github.com/tuxera/ntfs-3g/commit/76c3a799a97fbcedeeeca57f598be508ae2a1656
 (2022.10.3)
 CVE-2022-40283
        RESERVED
-CVE-2022-40282
-       RESERVED
+CVE-2022-40282 (The web server of Hirschmann BAT-C2 before 09.13.01.00R04 
allows authe ...)
+       TODO: check
 CVE-2022-40281 (An issue was discovered in Samsung TizenRT through 3.0_GBM 
(and 3.1_PR ...)
        NOT-FOR-US: Samsung TizenRT
 CVE-2022-40280 (An issue was discovered in Samsung TizenRT through 3.0_GBM 
(and 3.1_PR ...)
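Review bot: CVE-2022-40282 looks like a NOT-FOR-US candidate rather than something to leave at `TODO: check`. The description is for the web server of Hirschmann BAT-C2, a vendor product, and the next entry already follows the `NOT-FOR-US: Samsung TizenRT` pattern for the same kind of case. Confirm against the full description, which is truncated here.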
@@ -24032,8 +24060,8 @@ CVE-2022-2723 (A vulnerability was found in 
SourceCodester Employee Management S
        NOT-FOR-US: SourceCodester Employee Management System
 CVE-2022-2722 (A vulnerability was found in SourceCodester Simple Student 
Information ...)
        NOT-FOR-US: SourceCodester Simple Student Information System
-CVE-2022-2721
-       RESERVED
+CVE-2022-2721 (In affected versions of Octopus Server it is possible for 
target disco ...)
+       TODO: check
 CVE-2022-2720 (In affected versions of Octopus Server it was identified that 
when a s ...)
        NOT-FOR-US: Octopus Server
 CVE-2021-46833
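Review bot: CVE-2022-2721 should get the same triage as its neighbour. Its new description is for Octopus Server, and CVE-2022-2720 directly below is already marked `NOT-FOR-US: Octopus Server`, so the `TODO: check` line can be replaced with that.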
@@ -24661,7 +24689,7 @@ CVE-2022-37599 (A Regular expression denial of service 
(ReDoS) flaw was found in
        NOTE: https://github.com/webpack/loader-utils/issues/211
        NOTE: https://github.com/webpack/loader-utils/pull/225
        NOTE: 
https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb
 (v2.0.4)
-CVE-2022-37598 (Prototype pollution vulnerability in function DEFNODE in 
ast.js in mis ...)
+CVE-2022-37598 (** DISPUTED ** Prototype pollution vulnerability in function 
DEFNODE i ...)
        - uglify-js <unfixed> (unimportant)
        - uglifyjs <removed> (unimportant)
        NOTE: https://github.com/mishoo/UglifyJS/issues/5699
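Review bot: the `** DISPUTED **` marker now on CVE-2022-37598 is not reflected in the triage lines under it. `- uglify-js <unfixed> (unimportant)` and `- uglifyjs <removed> (unimportant)` are unchanged context. Add a NOTE recording that the CVE is disputed and whether the linked upstream issue (mishoo/UglifyJS issue 5699) supports that, so the `<unfixed>` status is explained to readers of the tracker.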
@@ -28586,8 +28614,8 @@ CVE-2022-36135
        RESERVED
 CVE-2022-36134
        RESERVED
-CVE-2022-36133
-       RESERVED
+CVE-2022-36133 (The WebConfig functionality of Epson TM-C3500 and TM-C7500 
devices wit ...)
+       TODO: check
 CVE-2022-36132
        RESERVED
 CVE-2022-36131 (The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is 
prone to s ...)
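Review bot: CVE-2022-36133 should resolve to a `NOT-FOR-US:` line naming the Epson product instead of staying at `TODO: check`. The description covers the WebConfig functionality of Epson TM-C3500 and TM-C7500 devices, which is device-side functionality rather than a Debian package.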
@@ -30151,7 +30179,7 @@ CVE-2022-35503
        RESERVED
 CVE-2022-35502
        RESERVED
-CVE-2022-35501 (Stored Cross-site Scripting in Amasty Blog Pro 2.10.4 and 
2.10.4 creat ...)
+CVE-2022-35501 (Stored Cross-site Scripting (XSS) exists in the Amasty Blog 
Pro 2.10.3 ...)
        NOT-FOR-US: Amasty Blog Pro
 CVE-2022-35500 (Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) 
via lea ...)
        NOT-FOR-US: Amasty Blog
@@ -46237,24 +46265,24 @@ CVE-2022-29835 (WD Discovery software executable 
files were signed with an unsaf
        NOT-FOR-US: WD Discovery software
 CVE-2022-29834 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: ICONICS
-CVE-2022-29833
-       RESERVED
-CVE-2022-29832
-       RESERVED
-CVE-2022-29831
-       RESERVED
-CVE-2022-29830
-       RESERVED
-CVE-2022-29829
-       RESERVED
-CVE-2022-29828
-       RESERVED
-CVE-2022-29827
-       RESERVED
-CVE-2022-29826
-       RESERVED
-CVE-2022-29825
-       RESERVED
+CVE-2022-29833 (Insufficiently Protected Credentials vulnerability in 
Mitsubishi Elect ...)
+       TODO: check
+CVE-2022-29832 (Cleartext Storage of Sensitive Information in Memory 
vulnerability in  ...)
+       TODO: check
+CVE-2022-29831 (Use of Hard-coded Password vulnerability in Mitsubishi 
Electric Corpor ...)
+       TODO: check
+CVE-2022-29830 (Use of Hard-coded Cryptographic Key vulnerability in 
Mitsubishi Electr ...)
+       TODO: check
+CVE-2022-29829 (Use of Hard-coded Cryptographic Key vulnerability in 
Mitsubishi Electr ...)
+       TODO: check
+CVE-2022-29828 (Use of Hard-coded Cryptographic Key vulnerability in 
Mitsubishi Electr ...)
+       TODO: check
+CVE-2022-29827 (Use of Hard-coded Cryptographic Key vulnerability in 
Mitsubishi Electr ...)
+       TODO: check
+CVE-2022-29826 (Cleartext Storage of Sensitive Information vulnerability in 
Mitsubishi ...)
+       TODO: check
+CVE-2022-29825 (Use of Hard-coded Password vulnerability in Mitsubishi 
Electric GX Wor ...)
+       TODO: check
 CVE-2022-29824 (In libxml2 before 2.9.14, several buffer handling functions in 
buf.c ( ...)
        {DSA-5142-1 DLA-3012-1}
        - libxml2 2.9.14+dfsg-1 (bug #1010526)
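Review bot: the nine entries CVE-2022-29825 through CVE-2022-29833 all land at `TODO: check`, and the truncated descriptions show at least two different product strings ("Mitsubishi Electric Corpor ..." and "Mitsubishi Electric GX Wor ..."). Read the full descriptions before bulk-triaging. If they all turn out to be vendor engineering software, use one consistent label, matching the `NOT-FOR-US: Mitsubishi` line already used for CVE-2022-25163 in this file.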
@@ -59861,8 +59889,8 @@ CVE-2022-25166 (An issue was discovered in Amazon AWS 
VPN Client 2.0.0. It is po
        NOT-FOR-US: Amazon AWS VPN Client
 CVE-2022-25165 (An issue was discovered in Amazon AWS VPN Client 2.0.0. A 
TOCTOU race  ...)
        NOT-FOR-US: Amazon AWS VPN Client
-CVE-2022-25164
-       RESERVED
+CVE-2022-25164 (Cleartext Storage of Sensitive Information vulnerability in 
Mitsubishi ...)
+       TODO: check
 CVE-2022-25163 (Improper Input Validation vulnerability in Mitsubishi Electric 
MELSEC- ...)
        NOT-FOR-US: Mitsubishi
 CVE-2022-25162 (Improper Input Validation vulnerability in Mitsubishi Electric 
MELSEC  ...)
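Review bot: CVE-2022-25164 can most likely take the same line as the entry right below it. Its description is a Mitsubishi cleartext-storage issue, and CVE-2022-25163 is already triaged as `NOT-FOR-US: Mitsubishi`, so leaving this one at `TODO: check` makes the Mitsubishi block inconsistent.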



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b4776344e0f9fb9b05eec726b794a5a863542c2
