Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67b24ff6 by security tracker role at 2022-11-29T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2022-46337
+       RESERVED
+CVE-2022-46336
+       RESERVED
+CVE-2022-46335
+       RESERVED
+CVE-2022-46334
+       RESERVED
+CVE-2022-46333
+       RESERVED
+CVE-2022-46332
+       RESERVED
+CVE-2022-46328
+       RESERVED
+CVE-2022-46327
+       RESERVED
+CVE-2022-46326
+       RESERVED
+CVE-2022-46325
+       RESERVED
+CVE-2022-46324
+       RESERVED
+CVE-2022-46323
+       RESERVED
+CVE-2022-46322
+       RESERVED
+CVE-2022-46321
+       RESERVED
+CVE-2022-46320
+       RESERVED
+CVE-2022-46319
+       RESERVED
+CVE-2022-46318
+       RESERVED
+CVE-2022-46317
+       RESERVED
+CVE-2022-46316
+       RESERVED
+CVE-2022-46315
+       RESERVED
+CVE-2022-46314
+       RESERVED
+CVE-2022-46313
+       RESERVED
+CVE-2022-46312
+       RESERVED
+CVE-2022-46311
+       RESERVED
+CVE-2022-46310
+       RESERVED
+CVE-2022-46281
+       RESERVED
+CVE-2022-4207
+       RESERVED
+CVE-2022-4206
+       RESERVED
+CVE-2022-4205
+       RESERVED
+CVE-2022-4204
+       RESERVED
+CVE-2022-4203
+       RESERVED
+CVE-2022-4202 (A vulnerability, which was classified as problematic, was found 
in GPA ...)
+       TODO: check
+CVE-2021-46856
+       RESERVED
 CVE-2022-XXXX [g810 insecure device permissions]
        - g810-led 0.4.2-3 (bug #1024998)
        [bullseye] - g810-led <no-dsa> (Minor issue)
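
Review bot: CVE-2022-4202 is the only entry in this block that arrives with a description, and it is left at "TODO: check" with no package line. The description is cut at "found in GPA ...", so the affected product cannot be confirmed from this line alone; triage should read the full record and replace the TODO with either a source package line or a NOT-FOR-US tag. The RESERVED additions around it need no action until they are populated.
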
@@ -141,8 +207,8 @@ CVE-2022-4174
        RESERVED
 CVE-2022-4173
        RESERVED
-CVE-2022-4172
-       RESERVED
+CVE-2022-4172 (An integer overflow and buffer overflow issues were found in 
the ACPI  ...)
+       TODO: check
 CVE-2022-40973
        RESERVED
 CVE-2022-37331
@@ -373,20 +439,20 @@ CVE-2022-46154
        RESERVED
 CVE-2022-46153
        RESERVED
-CVE-2022-46152
-       RESERVED
+CVE-2022-46152 (OP-TEE Trusted OS is the secure side implementation of OP-TEE 
project, ...)
+       TODO: check
 CVE-2022-46151
        RESERVED
-CVE-2022-46150
-       RESERVED
+CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to 
version 2.8. ...)
+       TODO: check
 CVE-2022-46149
        RESERVED
-CVE-2022-46148
-       RESERVED
+CVE-2022-46148 (Discourse is an open-source messaging platform. In versions 
2.8.10 and ...)
+       TODO: check
 CVE-2022-46147 (Drag and Drop XBlock v2 implements a drag-and-drop style 
problem, wher ...)
        TODO: check
-CVE-2022-46146
-       RESERVED
+CVE-2022-46146 (Prometheus Exporter Toolkit is a utility package to build 
exporters. P ...)
+       TODO: check
 CVE-2022-46145
        RESERVED
 CVE-2022-46144
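
Review bot: four entries in this hunk (CVE-2022-46152, CVE-2022-46150, CVE-2022-46148, CVE-2022-46146) go from RESERVED to "TODO: check" and join CVE-2022-46147, which was already waiting in the same state. CVE-2022-46146 deserves the closest look: its description calls Prometheus Exporter Toolkit "a utility package to build exporters", so the fix may have to be tracked for the library and for whatever is built against it, not in a single status line. The two Discourse entries describe the same product and can be triaged together.
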
@@ -950,8 +1016,7 @@ CVE-2022-45899
        RESERVED
 CVE-2022-45898
        RESERVED
-CVE-2022-4144 [QXL: qxl_phys2virt unsafe address translation can lead to 
out-of-bounds read]
-       RESERVED
+CVE-2022-4144 (An out-of-bounds read flaw was found in the QXL display device 
emulati ...)
        - qemu <unfixed>
        [bullseye] - qemu <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2148506
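
Review bot: the removed bracketed description for CVE-2022-4144 named the function involved ("qxl_phys2virt unsafe address translation"), and the replacement text is cut off at "QXL display device emulati ...", so that detail is no longer in the entry. Consider keeping it in a NOTE line next to the existing bugzilla reference so the entry stays searchable by function name. The status lines ("- qemu <unfixed>" and "[bullseye] - qemu <no-dsa> (Minor issue)") are unchanged and still apply.
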
@@ -961,7 +1026,7 @@ CVE-2022-4143
        RESERVED
 CVE-2022-4142
        RESERVED
-CVE-2022-4141 (The target's backtrace indicates that libc has detected a heap 
error o ...)
+CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by 
allowing a ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
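
Review bot: the new description for CVE-2022-4141 gives a version bound ("vim/vim 9.0.0946 and below") that the old text did not, while the entry still reads "- vim <unfixed>". Check whether the fixing upstream commit or patch level can now be recorded in a NOTE next to the huntr.dev reference, so the unfixed status can be closed when a corresponding upload lands.
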
@@ -2740,8 +2805,8 @@ CVE-2022-45347
        RESERVED
 CVE-2022-45344
        RESERVED
-CVE-2022-45343
-       RESERVED
+CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to 
contain a hea ...)
+       TODO: check
 CVE-2022-45342
        RESERVED
 CVE-2022-45341
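
Review bot: CVE-2022-45343 is described against a development revision ("GPAC v2.1-DEV-rev478-g696e6f868-master"), not a release, so the "TODO: check" cannot be resolved by comparing release numbers. Triage should establish whether the affected code is present in the packaged version before assigning a status.
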
@@ -5613,8 +5678,8 @@ CVE-2021-46853 (Alpine before 2.25 allows remote 
attackers to cause a denial of
        NOTE: https://nostarttls.secvuln.info
        NOTE: https://bugs.gentoo.org/807613
        NOTE: 
https://repo.or.cz/alpine.git/commitdiff/e58edb33f71687cb0b12c10a6cea2db2f8a35011
 (v2.25)
-CVE-2022-44635
-       RESERVED
+CVE-2022-44635 (Apache Fineract allowed an authenticated user to perform 
remote code e ...)
+       TODO: check
 CVE-2022-44634 (Auth. (admin+) Arbitrary File Read vulnerability in S2W 
&#8211; Import ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-44633
@@ -6461,12 +6526,12 @@ CVE-2022-44358
        RESERVED
 CVE-2022-44357
        RESERVED
-CVE-2022-44356
-       RESERVED
-CVE-2022-44355
-       RESERVED
-CVE-2022-44354
-       RESERVED
+CVE-2022-44356 (WAVLINK Quantum D4G (WL-WN531G3) running firmware versions 
M31G3.V5030 ...)
+       TODO: check
+CVE-2022-44355 (SolarView Compact 7.0 is vulnerable to Cross-site Scripting 
(XSS) via  ...)
+       TODO: check
+CVE-2022-44354 (SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted 
File Uploa ...)
+       TODO: check
 CVE-2022-44353
        RESERVED
 CVE-2022-44352
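
Review bot: all three new descriptions here name a specific device or product (WAVLINK Quantum D4G firmware, SolarView Compact 7.0, SolarView Compact 4.0 and 5.0) and all three are left at "TODO: check". If none corresponds to a source package, they should be closed with a NOT-FOR-US line naming the product, as other entries in this file do; the two SolarView entries can share the same tag text.
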
@@ -7811,7 +7876,7 @@ CVE-2022-3736
        RESERVED
 CVE-2022-3735 (A vulnerability was found in seccome Ehoney. It has been rated 
as crit ...)
        NOT-FOR-US: seccome Ehoney
-CVE-2022-3734 (A vulnerability was found in Redis. It has been declared as 
critical.  ...)
+CVE-2022-3734 (** DISPUTED ** A vulnerability was found in a port or fork of 
Redis. I ...)
        NOTE: Bogus report/assignment for Redis
 CVE-2022-3733 (A vulnerability was found in SourceCodester Web-Based Student 
Clearanc ...)
        NOT-FOR-US: SourceCodester Web-Based Student Clearance System
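
Review bot: the description of CVE-2022-3734 now carries "** DISPUTED **" and speaks of "a port or fork of Redis", which agrees with the existing "NOTE: Bogus report/assignment for Redis", but the entry still has only that NOTE and no status line. Consider adding an explicit status (for the redis package, or a NOT-FOR-US naming the fork) so the entry is resolved by a machine-readable line and not by free text.
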
@@ -12054,7 +12119,7 @@ CVE-2022-42899 (Bentley MicroStation and 
MicroStation-based applications may be
        NOT-FOR-US: Bentley
 CVE-2022-42898 [krb5_pac_parse() buffer parsing vulnerability]
        RESERVED
-       {DSA-5287-1 DSA-5286-1 DLA-3206-1}
+       {DSA-5287-1 DSA-5286-1 DLA-3213-1 DLA-3206-1}
        - heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
        - krb5 1.20.1-1 (bug #1024267)
        - samba 2:4.17.3+dfsg-1
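
Review bot: the cross-reference list for CVE-2022-42898 gains DLA-3213-1, but the hunk does not show which of the three tracked source packages (heimdal, krb5, samba) that advisory covers. Confirm that the advisory's own record references this CVE and names the package, since the braces line is the only trace of it here.
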
@@ -21086,7 +21151,7 @@ CVE-2022-3099 (Use After Free in GitHub repository 
vim/vim prior to 9.0.0360. ..
        NOTE: 
https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c 
(v9.0.0360)
 CVE-2022-3098 (The Login Block IPs WordPress plugin through 1.0.0 does not 
have CSRF  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-3097 (The LBstopattack WordPress plugin before 1.1.3 does not use 
nonces whe ...)
+CVE-2022-3097 (The Plugin LBstopattack WordPress plugin before 1.1.3 does not 
use non ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3096 (The WP Total Hacks WordPress plugin through 4.7.2 does not 
prevent low ...)
        NOT-FOR-US: WordPress plugin
@@ -28681,8 +28746,8 @@ CVE-2022-36435
        RESERVED
 CVE-2022-36434
        RESERVED
-CVE-2022-36433
-       RESERVED
+CVE-2022-36433 (The blog-post creation functionality in the Amasty Blog Pro 
2.10.3 plu ...)
+       TODO: check
 CVE-2022-36432 (The Preview functionality in the Amasty Blog Pro 2.10.3 plugin 
for Mag ...)
        NOT-FOR-US: Amasty Blog Pro plugin for Magento
 CVE-2022-36431
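
Review bot: CVE-2022-36433 is left at "TODO: check" although its description names the same product as the entry directly below it, CVE-2022-36432, which is already tagged "NOT-FOR-US: Amasty Blog Pro plugin for Magento". Unless the two differ in scope, the new entry can take the same tag.
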
@@ -58680,8 +58745,8 @@ CVE-2022-25850 (The package 
github.com/hoppscotch/proxyscotch before 1.0.0 are v
        NOT-FOR-US: hoppscotch proxyscotch
 CVE-2022-25849 (The package joyqi/hyper-down from 0.0.0 are vulnerable to 
Cross-site S ...)
        NOT-FOR-US: joyqi/hyper-down
-CVE-2022-25848
-       RESERVED
+CVE-2022-25848 (This affects all versions of package static-dev-server. This 
is becaus ...)
+       TODO: check
 CVE-2022-25847
        RESERVED
 CVE-2022-25846
@@ -58929,8 +58994,8 @@ CVE-2022-21144 (This affects all versions of package 
libxmljs. When invoking the
        NOT-FOR-US: Node libxmljs
 CVE-2022-21129
        RESERVED
-CVE-2022-21126
-       RESERVED
+CVE-2022-21126 (The package com.github.samtools:htsjdk before 3.0.1 are 
vulnerable to  ...)
+       TODO: check
 CVE-2022-21122 (The package metacalc before 0.0.2 are vulnerable to Arbitrary 
Code Exe ...)
        NOT-FOR-US: Node metacalc
 CVE-2022-0758 (Rapid7 Nexpose versions 6.6.129 and earlier suffer from a 
reflected cr ...)
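
Review bot: CVE-2022-21126 is identified by a Maven coordinate ("com.github.samtools:htsjdk before 3.0.1") and left at "TODO: check", whereas the neighbouring entries in this hunk are closed as NOT-FOR-US. Check whether a source package ships htsjdk before applying the same tag; if one does, the entry needs a package line whose fixed version follows from the "before 3.0.1" bound.
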



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67b24ff62e89f19dff7421112564c97163b2389b
