Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4b046102 by security tracker role at 2022-12-01T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2022-46361
+       RESERVED
+CVE-2022-43485
+       RESERVED
+CVE-2022-4245
+       RESERVED
+CVE-2022-4244
+       RESERVED
+CVE-2022-4243
+       RESERVED
+CVE-2022-4242
+       RESERVED
+CVE-2022-4241
+       RESERVED
+CVE-2022-4240
+       RESERVED
 CVE-2022-46359
        RESERVED
 CVE-2022-46358
@@ -560,8 +576,8 @@ CVE-2022-46164
        RESERVED
 CVE-2022-46163
        RESERVED
-CVE-2022-46162
-       RESERVED
+CVE-2022-46162 (discourse-bbcode is the official BBCode plugin for Discourse. 
Prior to ...)
+       TODO: check
 CVE-2022-46161
        RESERVED
 CVE-2022-46160
@@ -572,8 +588,8 @@ CVE-2022-46158
        RESERVED
 CVE-2022-46157
        RESERVED
-CVE-2022-46156
-       RESERVED
+CVE-2022-46156 (The Synthetic Monitoring Agent for Grafana's Synthetic 
Monitoring appl ...)
+       TODO: check
 CVE-2022-46155 (Airtable.js is the JavaScript client for Airtable. Prior to 
version 0. ...)
        TODO: check
 CVE-2022-46154
@@ -1813,8 +1829,8 @@ CVE-2022-45642
        RESERVED
 CVE-2022-45641
        RESERVED
-CVE-2022-45640
-       RESERVED
+CVE-2022-45640 (Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer 
overflow. Cause ...)
+       TODO: check
 CVE-2022-45639
        RESERVED
 CVE-2022-45638
@@ -3824,8 +3840,8 @@ CVE-2022-3892
        RESERVED
 CVE-2022-3891
        RESERVED
-CVE-2022-45045
-       RESERVED
+CVE-2022-45045 (Multiple Xiongmai NVR devices, including MBD6304T 
V4.02.R11.00000117.1 ...)
+       TODO: check
 CVE-2022-3890 (Heap buffer overflow in Crashpad in Google Chrome on Android 
prior to  ...)
        {DSA-5275-1}
        - chromium 107.0.5304.110-1
@@ -6264,10 +6280,10 @@ CVE-2022-44535
        RESERVED
 CVE-2022-44534
        RESERVED
-CVE-2022-44533
-       RESERVED
-CVE-2022-44532
-       RESERVED
+CVE-2022-44533 (A vulnerability in the Aruba EdgeConnect Enterprise web 
management int ...)
+       TODO: check
+CVE-2022-44532 (An authenticated path traversal vulnerability exists in the 
Aruba Edge ...)
+       TODO: check
 CVE-2022-3785 (A vulnerability, which was classified as critical, has been 
found in A ...)
        NOT-FOR-US: Bento4
 CVE-2022-3784 (A vulnerability classified as critical was found in Axiomatic 
Bento4 5 ...)
@@ -6874,8 +6890,8 @@ CVE-2022-44264
        RESERVED
 CVE-2022-44263
        RESERVED
-CVE-2022-44262
-       RESERVED
+CVE-2022-44262 (ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). ...)
+       TODO: check
 CVE-2022-44261
        RESERVED
 CVE-2022-44260 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
@@ -10351,10 +10367,10 @@ CVE-2022-43546 (A vulnerability has been identified 
in POWER METER SICAM Q100 (A
        NOT-FOR-US: Siemens
 CVE-2022-43545 (A vulnerability has been identified in POWER METER SICAM Q100 
(All ver ...)
        NOT-FOR-US: Siemens
-CVE-2022-43542
-       RESERVED
-CVE-2022-43541
-       RESERVED
+CVE-2022-43542 (Vulnerabilities in the Aruba EdgeConnect Enterprise command 
line inter ...)
+       TODO: check
+CVE-2022-43541 (Vulnerabilities in the Aruba EdgeConnect Enterprise command 
line inter ...)
+       TODO: check
 CVE-2022-43540
        RESERVED
 CVE-2022-43539
@@ -10399,8 +10415,8 @@ CVE-2022-43520
        RESERVED
 CVE-2022-43519
        RESERVED
-CVE-2022-43518
-       RESERVED
+CVE-2022-43518 (An authenticated path traversal vulnerability exists in the 
Aruba Edge ...)
+       TODO: check
 CVE-2022-43517
        RESERVED
 CVE-2022-43516
@@ -13435,8 +13451,8 @@ CVE-2022-42448
        RESERVED
 CVE-2022-42447
        RESERVED
-CVE-2022-42446
-       RESERVED
+CVE-2022-42446 (Starting with Sametime 12, anonymous users are enabled by 
default. Aft ...)
+       TODO: check
 CVE-2022-42445 (HCL Launch could allow a user with administrative privileges, 
includin ...)
        NOT-FOR-US: HCL
 CVE-2022-42444
@@ -14994,8 +15010,8 @@ CVE-2022-40965 (The affected product DIAEnergie 
(versions prior to v1.9.01.002)
        NOT-FOR-US: DIAEnergie
 CVE-2022-40703 (CWE-302 Authentication Bypass by Assumed-Immutable Data in 
AliveCor Ka ...)
        NOT-FOR-US: AliveCor Kardia App
-CVE-2022-40204
-       RESERVED
+CVE-2022-40204 (A cross-site scripting (XSS) vulnerability exists in all 
current versi ...)
+       TODO: check
 CVE-2022-40202 (The database backup function in Delta Electronics InfraSuite 
Device Ma ...)
        NOT-FOR-US: Delta Electronics
 CVE-2022-40201
@@ -17345,8 +17361,8 @@ CVE-2022-40851 (Tenda AC15 V15.03.05.19 contained a 
stack overflow via the funct
        NOT-FOR-US: Tenda
 CVE-2022-40850
        RESERVED
-CVE-2022-40849
-       RESERVED
+CVE-2022-40849 (ThinkCMF version 6.0.7 is affected by Stored Cross-Site 
Scripting (XSS ...)
+       TODO: check
 CVE-2022-40848
        RESERVED
 CVE-2022-40847 (In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there 
exists a  ...)
@@ -18283,8 +18299,8 @@ CVE-2022-40491
        RESERVED
 CVE-2022-40490
        RESERVED
-CVE-2022-40489
-       RESERVED
+CVE-2022-40489 (ThinkCMF version 6.0.7 is affected by a Cross Site Request 
Forgery (CS ...)
+       TODO: check
 CVE-2022-40488 (ProcessWire v3.0.200 was discovered to contain a Cross-Site 
Request Fo ...)
        NOT-FOR-US: ProcessWire
 CVE-2022-40487 (ProcessWire v3.0.200 was discovered to contain multiple 
cross-site scr ...)
@@ -25184,22 +25200,22 @@ CVE-2022-37928 (Insufficient Verification of Data 
Authenticity vulnerability in
        NOT-FOR-US: HPE
 CVE-2022-37927 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in H ...)
        NOT-FOR-US: HPE
-CVE-2022-37926
-       RESERVED
-CVE-2022-37925
-       RESERVED
-CVE-2022-37924
-       RESERVED
-CVE-2022-37923
-       RESERVED
-CVE-2022-37922
-       RESERVED
-CVE-2022-37921
-       RESERVED
-CVE-2022-37920
-       RESERVED
-CVE-2022-37919
-       RESERVED
+CVE-2022-37926 (A vulnerability within the web-based management interface of 
EdgeConne ...)
+       TODO: check
+CVE-2022-37925 (A vulnerability within the web-based management interface of 
Aruba Edg ...)
+       TODO: check
+CVE-2022-37924 (Vulnerabilities in the Aruba EdgeConnect Enterprise command 
line inter ...)
+       TODO: check
+CVE-2022-37923 (Vulnerabilities in the Aruba EdgeConnect Enterprise command 
line inter ...)
+       TODO: check
+CVE-2022-37922 (Vulnerabilities in the Aruba EdgeConnect Enterprise command 
line inter ...)
+       TODO: check
+CVE-2022-37921 (Vulnerabilities in the Aruba EdgeConnect Enterprise command 
line inter ...)
+       TODO: check
+CVE-2022-37920 (Vulnerabilities in the Aruba EdgeConnect Enterprise command 
line inter ...)
+       TODO: check
+CVE-2022-37919 (A vulnerability exists in the API of Aruba EdgeConnect 
Enterprise. An  ...)
+       TODO: check
 CVE-2022-37918
        RESERVED
 CVE-2022-37917
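Review bot: the eight entries CVE-2022-37919 through CVE-2022-37926 all land as "TODO: check" in one batch, although every truncated description names an EdgeConnect product and the neighbouring CVE-2022-37927 and CVE-2022-37928 in the context lines are already resolved as "NOT-FOR-US: HPE". Triage them together in a follow-up commit, with one consistent tag if no Debian package is affected, rather than leaving eight separate open TODOs.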
@@ -28921,8 +28937,8 @@ CVE-2022-36433 (The blog-post creation functionality in 
the Amasty Blog Pro 2.10
        TODO: check
 CVE-2022-36432 (The Preview functionality in the Amasty Blog Pro 2.10.3 plugin 
for Mag ...)
        NOT-FOR-US: Amasty Blog Pro plugin for Magento
-CVE-2022-36431
-       RESERVED
+CVE-2022-36431 (An arbitrary file upload vulnerability in Rocket TRUfusion 
Enterprise  ...)
+       TODO: check
 CVE-2022-36430
        RESERVED
 CVE-2022-2527 (An issue in Incident Timelines has been discovered in GitLab 
CE/EE aff ...)
@@ -96315,7 +96331,8 @@ CVE-2021-38578 (Existing CommBuffer checks in 
SmmEntryPoint will not catch under
        [buster] - edk2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3387 (private)
        NOTE: https://edk2.groups.io/g/devel/message/90516
-CVE-2021-38577 (Heap Overflow in BaseBmpSupportLib. ...)
+CVE-2021-38577
+       REJECTED
        - edk2 <unfixed> (bug #1014468)
        [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
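Review bot: CVE-2021-38577 is switched to REJECTED, but the package annotations below it are left in place: "- edk2 <unfixed> (bug #1014468)" and the two "<no-dsa> (Minor issue)" lines for bullseye and buster. A rejected identifier that still carries an <unfixed> package line is self-contradictory; a follow-up should either drop those lines or move them to whichever identifier supersedes this one, and re-point bug #1014468 to match.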
@@ -183734,6 +183751,7 @@ CVE-2020-15505 (A remote code execution vulnerability 
in MobileIron Core &amp; C
 CVE-2020-15504 (A SQL injection vulnerability in the user and admin web 
interfaces of  ...)
        NOT-FOR-US: Sophos
 CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. 
This affect ...)
+       {DLA-3214-1}
        [experimental] - libraw 0.20.0-1
        - libraw 0.20.0-4 (bug #964747)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853477
@@ -227956,8 +227974,8 @@ CVE-2019-18267 (An issue was found in GE S2020/S2020G 
Fast Switch 61850, S2020/S
        NOT-FOR-US: GE
 CVE-2019-18266
        RESERVED
-CVE-2019-18265
-       RESERVED
+CVE-2019-18265 (Digital Alert Systems&#8217; DASDEC software prior to version 
4.1 cont ...)
+       TODO: check
 CVE-2019-18264
        RESERVED
 CVE-2019-18263 (An issue was found in Philips Veradius Unity, Pulsera, and 
Endura Dual ...)
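Review bot: the new description for CVE-2019-18265 carries a raw HTML character reference, "Digital Alert Systems&#8217; DASDEC", where an apostrophe is meant. The automatic import should decode character references before writing the truncated description, otherwise a text search for the vendor name as it is normally written will not match this entry.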



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b0461025156e2baf3162e8c2678cb4c41a064ef
