Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b30ad7c1 by security tracker role at 2022-12-06T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2022-46663
+       RESERVED
+CVE-2022-46651
+       RESERVED
+CVE-2022-46650
+       RESERVED
+CVE-2022-46649
+       RESERVED
+CVE-2022-46647
+       RESERVED
+CVE-2022-46646
+       RESERVED
+CVE-2022-46329
+       RESERVED
+CVE-2022-46301
+       RESERVED
+CVE-2022-46299
+       RESERVED
+CVE-2022-46298
+       RESERVED
+CVE-2022-46283
+       RESERVED
+CVE-2022-46282
+       RESERVED
+CVE-2022-45469
+       RESERVED
+CVE-2022-43666
+       RESERVED
+CVE-2022-43496
+       RESERVED
+CVE-2022-43473
+       RESERVED
+CVE-2022-4295
+       RESERVED
 CVE-2022-46644
        RESERVED
 CVE-2022-46643
@@ -358,8 +392,8 @@ CVE-2022-46466
        RESERVED
 CVE-2022-46465
        RESERVED
-CVE-2022-46464
-       RESERVED
+CVE-2022-46464 (ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath 
injection  ...)
+       TODO: check
 CVE-2022-46463
        RESERVED
 CVE-2022-46462
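Review bot: CVE-2022-46464 is one of two Concrete CMS entries moving from RESERVED to TODO: check in this update; CVE-2022-43556 ("Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...") further down is the other. Triaging both in one pass avoids ending up with different outcomes for the same upstream project.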
@@ -1268,8 +1302,8 @@ CVE-2022-4174 (Type confusion in V8 in Google Chrome 
prior to 108.0.5359.71 allo
        {DSA-5293-1}
        - chromium 108.0.5359.71-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-4173
-       RESERVED
+CVE-2022-4173 (A vulnerability within the malware removal functionality of 
Avast and  ...)
+       TODO: check
 CVE-2022-4172 (An integer overflow and buffer overflow issues were found in 
the ACPI  ...)
        - qemu <unfixed> (bug #1025123)
        [bullseye] - qemu <not-affected> (Vulnerable code introduced later)
@@ -1474,8 +1508,8 @@ CVE-2022-46171
        RESERVED
 CVE-2022-46170
        RESERVED
-CVE-2022-46169
-       RESERVED
+CVE-2022-46169 (Cacti is an open source platform which provides a robust and 
extensibl ...)
+       TODO: check
 CVE-2022-46168
        RESERVED
 CVE-2022-46167 (Capsule is a multi-tenancy and policy-based framework for 
Kubernetes.  ...)
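Review bot: The CVE-2022-46169 description names Cacti, described as an open source platform rather than a vendor appliance or hosted service, so this TODO: check should be resolved with an explicit source-package lookup before any NOT-FOR-US decision, not batch-dismissed together with the proprietary products elsewhere in this update.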
@@ -1484,8 +1518,8 @@ CVE-2022-46166
        RESERVED
 CVE-2022-46165
        RESERVED
-CVE-2022-46164
-       RESERVED
+CVE-2022-46164 (NodeBB is an open source Node.js based forum software. Due to 
a plain  ...)
+       TODO: check
 CVE-2022-46163
        RESERVED
 CVE-2022-46162 (discourse-bbcode is the official BBCode plugin for Discourse. 
Prior to ...)
@@ -1510,8 +1544,8 @@ CVE-2022-46153
        RESERVED
 CVE-2022-46152 (OP-TEE Trusted OS is the secure side implementation of OP-TEE 
project, ...)
        NOT-FOR-US: OP-TEE
-CVE-2022-46151
-       RESERVED
+CVE-2022-46151 (Querybook is an open source data querying UI. In affected 
versions use ...)
+       TODO: check
 CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to 
version 2.8. ...)
        NOT-FOR-US: Discourse
 CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure 
call (RP ...)
@@ -1903,8 +1937,8 @@ CVE-2022-45992
        RESERVED
 CVE-2022-45991
        RESERVED
-CVE-2022-45990
-       RESERVED
+CVE-2022-45990 (A cross-site scripting (XSS) vulnerability in the component 
/signup_sc ...)
+       TODO: check
 CVE-2022-45989
        RESERVED
 CVE-2022-45988
@@ -2064,8 +2098,8 @@ CVE-2022-45914 (The ESL (Electronic Shelf Label) 
protocol, as implemented by (fo
        NOT-FOR-US: ESL (Electronic Shelf Label) protocol
 CVE-2022-45913
        RESERVED
-CVE-2022-45912
-       RESERVED
+CVE-2022-45912 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 
and 9.0.  ...)
+       TODO: check
 CVE-2022-45911
        RESERVED
 CVE-2022-4145
@@ -2491,12 +2525,12 @@ CVE-2022-45773
        RESERVED
 CVE-2022-45772
        RESERVED
-CVE-2022-45771
-       RESERVED
+CVE-2022-45771 (An issue in the /api/audits component of Pwndoc v0.5.3 allows 
attacker ...)
+       TODO: check
 CVE-2022-45770
        RESERVED
-CVE-2022-45769
-       RESERVED
+CVE-2022-45769 (A cross-site scripting (XSS) vulnerability in ClicShopping_V3 
v3.402 a ...)
+       TODO: check
 CVE-2022-45768
        RESERVED
 CVE-2022-45767
@@ -3169,12 +3203,12 @@ CVE-2022-45483 (Lazy Mouse allows an attacker (in a man 
in the middle position b
        NOT-FOR-US: Lazy Mouse
 CVE-2022-45482 (Lazy Mouse server enforces weak password requirements and 
doesn't impl ...)
        NOT-FOR-US: Lazy Mouse
-CVE-2022-45481
-       RESERVED
+CVE-2022-45481 (The default configuration of Lazy Mouse does not require a 
password, a ...)
+       TODO: check
 CVE-2022-45480 (PC Keyboard WiFi &amp; Bluetooth allows an attacker (in a 
man-in-the-m ...)
        TODO: check
-CVE-2022-45479
-       RESERVED
+CVE-2022-45479 (PC Keyboard allows remote unauthenticated users to send 
instructions t ...)
+       TODO: check
 CVE-2022-45478 (Telepad allows an attacker (in a man-in-the-middle position 
between th ...)
        TODO: check
 CVE-2022-45477 (Telepad allows remote unauthenticated users to send 
instructions to th ...)
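Review bot: CVE-2022-45481 describes the default configuration of Lazy Mouse, the same product as CVE-2022-45483 and CVE-2022-45482 directly above it, which are already NOT-FOR-US: Lazy Mouse; the new entry can take the same triage. CVE-2022-45479 (PC Keyboard) pairs with CVE-2022-45480, which is still TODO: check, so those two should be resolved together as well.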
@@ -4029,8 +4063,8 @@ CVE-2022-45285
        RESERVED
 CVE-2022-45284
        RESERVED
-CVE-2022-45283
-       RESERVED
+CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow 
in the s ...)
+       TODO: check
 CVE-2022-45282
        RESERVED
 CVE-2022-45281
@@ -4884,10 +4918,10 @@ CVE-2022-45022
        RESERVED
 CVE-2022-45021
        RESERVED
-CVE-2022-45020
-       RESERVED
-CVE-2022-45019
-       RESERVED
+CVE-2022-45020 (Rukovoditel v3.2.1 was discovered to contain a DOM-based 
cross-site sc ...)
+       TODO: check
+CVE-2022-45019 (SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL 
injection vulner ...)
+       TODO: check
 CVE-2022-45018
        RESERVED
 CVE-2022-45017 (A cross-site scripting (XSS) vulnerability in the Overview 
Page settin ...)
@@ -8276,8 +8310,8 @@ CVE-2022-44041
        RESERVED
 CVE-2022-44040
        RESERVED
-CVE-2022-44039
-       RESERVED
+CVE-2022-44039 (Franklin Fueling System FFS Colibri 1.9.22.8925 is affected 
by: File s ...)
+       TODO: check
 CVE-2022-44038 (Russound XSourcePlayer 777D v06.08.03 was discovered to 
contain a remo ...)
        NOT-FOR-US: Russound XSourcePlayer 777D
 CVE-2022-44037 (An access control issue in APsystems ENERGY COMMUNICATION UNIT 
(ECU-C) ...)
@@ -8342,8 +8376,8 @@ CVE-2022-44011
        RESERVED
 CVE-2022-44010
        RESERVED
-CVE-2022-44009
-       RESERVED
+CVE-2022-44009 (Improper access control in Key-Value RBAC in StackStorm 
version 3.7.0  ...)
+       TODO: check
 CVE-2022-44008 (An issue was discovered in BACKCLICK Professional 5.9.63. Due 
to impro ...)
        NOT-FOR-US: BACKCLICK Professional
 CVE-2022-44007 (An issue was discovered in BACKCLICK Professional 5.9.63. Due 
to an un ...)
@@ -10852,8 +10886,8 @@ CVE-2022-43708 (MyBB 1.8.31 has a (issue 2 of 2) 
cross-site scripting (XSS) vuln
        NOT-FOR-US: MyBB
 CVE-2022-43707 (MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in 
the visu ...)
        NOT-FOR-US: MyBB
-CVE-2022-43706
-       RESERVED
+CVE-2022-43706 (Cross-site scripting (XSS) vulnerability in the Web UI of 
StackStorm v ...)
+       TODO: check
 CVE-2022-43705 (In Botan before 2.19.3, it is possible to forge OCSP responses 
due to  ...)
        - botan 2.19.3+dfsg-1
        [bullseye] - botan <no-dsa> (Minor issue)
@@ -11280,26 +11314,25 @@ CVE-2022-43559
        RESERVED
 CVE-2022-43558
        RESERVED
-CVE-2022-43557
-       RESERVED
-CVE-2022-43556
-       RESERVED
+CVE-2022-43557 (The BD BodyGuard&#8482; infusion pumps specified allow for 
access thro ...)
+       TODO: check
+CVE-2022-43556 (Concrete CMS (formerly concrete5) below 8.5.10 and between 
9.0.0 and 9 ...)
+       TODO: check
 CVE-2022-43555
        RESERVED
 CVE-2022-43554
        RESERVED
-CVE-2022-43553
-       RESERVED
+CVE-2022-43553 (A remote code execution vulnerability in EdgeRouters (Version 
2.0.9-ho ...)
+       TODO: check
 CVE-2022-43552
        RESERVED
 CVE-2022-43551
        RESERVED
 CVE-2022-43550
        RESERVED
-CVE-2022-43549
-       RESERVED
-CVE-2022-43548 [DNS rebinding in --inspect via invalid octal IP address]
-       RESERVED
+CVE-2022-43549 (Improper authentication in Veeam Backup for Google Cloud v1.0 
and v3.0 ...)
+       TODO: check
+CVE-2022-43548 (A OS Command Injection vulnerability exists in Node.js 
versions &lt;14 ...)
        - nodejs 18.12.1+dfsg-1 (bug #1023518)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548
 CVE-2022-43547
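Review bot: The bracketed working title being dropped for CVE-2022-43548 ("DNS rebinding in --inspect via invalid octal IP address") is the only place the list itself named the issue class; the MITRE text that replaces it opens with "A OS Command Injection vulnerability exists in Node.js versions <14 ...", and after this change a reader only recovers the DNS-rebinding context from the anchor of the retained NOTE URL. Consider keeping a short NOTE line with the original title next to "- nodejs 18.12.1+dfsg-1 (bug #1023518)" so the entry stays searchable by the issue it actually describes.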
@@ -11360,8 +11393,8 @@ CVE-2022-43518 (An authenticated path traversal 
vulnerability exists in the Arub
        NOT-FOR-US: Aruba
 CVE-2022-43517
        RESERVED
-CVE-2022-43516
-       RESERVED
+CVE-2022-43516 (A Firewall Rule which allows all incoming TCP connections to 
all progr ...)
+       TODO: check
 CVE-2022-43515 (Zabbix Frontend provides a feature that allows admins to 
maintain the  ...)
        TODO: check
 CVE-2022-43514
@@ -12492,8 +12525,8 @@ CVE-2022-43099
        RESERVED
 CVE-2022-43098
        RESERVED
-CVE-2022-43097
-       RESERVED
+CVE-2022-43097 (Phpgurukul User Registration &amp; User Management System v3.0 
was dis ...)
+       TODO: check
 CVE-2022-43096 (Mediatrix 4102 before v48.5.2718 allows local attackers to 
gain root a ...)
        NOT-FOR-US: Mediatrix
 CVE-2022-43095
@@ -13570,64 +13603,64 @@ CVE-2022-3452 (A vulnerability was found in 
SourceCodester Book Store Management
        NOT-FOR-US: SourceCodester Book Store Management System
 CVE-2022-42783
        RESERVED
-CVE-2022-42782
-       RESERVED
-CVE-2022-42781
-       RESERVED
-CVE-2022-42780
-       RESERVED
-CVE-2022-42779
-       RESERVED
-CVE-2022-42778
-       RESERVED
-CVE-2022-42777
-       RESERVED
-CVE-2022-42776
-       RESERVED
-CVE-2022-42775
-       RESERVED
-CVE-2022-42774
-       RESERVED
-CVE-2022-42773
-       RESERVED
-CVE-2022-42772
-       RESERVED
-CVE-2022-42771
-       RESERVED
-CVE-2022-42770
-       RESERVED
-CVE-2022-42769
-       RESERVED
-CVE-2022-42768
-       RESERVED
-CVE-2022-42767
-       RESERVED
-CVE-2022-42766
-       RESERVED
-CVE-2022-42765
-       RESERVED
-CVE-2022-42764
-       RESERVED
-CVE-2022-42763
-       RESERVED
-CVE-2022-42762
-       RESERVED
-CVE-2022-42761
-       RESERVED
-CVE-2022-42760
-       RESERVED
-CVE-2022-42759
-       RESERVED
-CVE-2022-42758
-       RESERVED
-CVE-2022-42757
-       RESERVED
-CVE-2022-42756
-       RESERVED
-CVE-2022-42755
-       RESERVED
-CVE-2022-42754
-       RESERVED
+CVE-2022-42782 (In wlan driver, there is a possible missing permission check, 
This cou ...)
+       TODO: check
+CVE-2022-42781 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42780 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42779 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42778 (In windows manager service, there is a missing permission 
check. This  ...)
+       TODO: check
+CVE-2022-42777 (In power management service, there is a missing permission 
check. This ...)
+       TODO: check
+CVE-2022-42776 (In UscAIEngine service, there is a missing permission check. 
This coul ...)
+       TODO: check
+CVE-2022-42775 (In camera driver, there is a possible memory corruption due to 
imprope ...)
+       TODO: check
+CVE-2022-42774 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42773 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42772 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42771 (In wlan driver, there is a race condition, This could lead to 
local de ...)
+       TODO: check
+CVE-2022-42770 (In wlan driver, there is a race condition, This could lead to 
local de ...)
+       TODO: check
+CVE-2022-42769 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42768 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42767 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42766 (In wlan driver, there is a possible missing permission check, 
This cou ...)
+       TODO: check
+CVE-2022-42765 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42764 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42763 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42762 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42761 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42760 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42759 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42758 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42757 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42756 (In sensor driver, there is a possible buffer overflow due to a 
missing ...)
+       TODO: check
+CVE-2022-42755 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-42754 (In npu driver, there is a memory corruption due to a use after 
free. T ...)
+       TODO: check
 CVE-2022-42753 (SalonERP version 3.0.2 allows an external attacker to steal 
the cookie ...)
        NOT-FOR-US: SalonERP
 CVE-2022-42752
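Review bot: The 29 entries CVE-2022-42782 through CVE-2022-42754 use the same "In wlan driver / camera driver / sensor driver / npu driver, there is a possible ..." wording as CVE-2022-39128, CVE-2022-39105 and CVE-2022-39103 further down, which are already triaged NOT-FOR-US: Unisoc, and the new CVE-2022-39134 to CVE-2022-39129 and CVE-2022-39102 to CVE-2022-39090 entries in this same update follow the pattern too. These look like one vendor bulletin; a single batch triage, after confirming the vendor from the full descriptions, would clear roughly fifty TODO: check lines at once instead of leaving them to be handled one by one.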
@@ -13790,13 +13823,11 @@ CVE-2022-42708
        RESERVED
 CVE-2022-42707 (In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 
before 22. ...)
        - mahara <removed>
-CVE-2022-42706
-       RESERVED
+CVE-2022-42706 (An issue was discovered in Sangoma Asterisk through 16.28, 17 
and 18 t ...)
        - asterisk <unfixed>
        NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30176
        NOTE: https://downloads.asterisk.org/pub/security/AST-2022-009.html
-CVE-2022-42705
-       RESERVED
+CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 
16.28, 18.1 ...)
        - asterisk <unfixed>
        NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30244
        NOTE: https://downloads.asterisk.org/pub/security/AST-2022-008.html
@@ -18339,8 +18370,8 @@ CVE-2022-40920
        RESERVED
 CVE-2022-40919
        RESERVED
-CVE-2022-40918
-       RESERVED
+CVE-2022-40918 (Buffer overflow in firmware lewei_cam binary version 2.0.10 in 
Force 1 ...)
+       TODO: check
 CVE-2022-40917
        RESERVED
 CVE-2022-40916
@@ -19166,8 +19197,8 @@ CVE-2022-40605 (MITRE CALDERA before 4.1.0 allows XSS 
in the Operations tab and/
        NOT-FOR-US: MITRE CALDERA
 CVE-2022-40604 (In Apache Airflow 2.3.0 through 2.3.4, part of a url was 
unnecessarily ...)
        - airflow <itp> (bug #819700)
-CVE-2022-40603
-       RESERVED
+CVE-2022-40603 (A cross-site scripting (XSS) vulnerability in the CGI program 
of Zyxel ...)
+       TODO: check
 CVE-2022-40602 (A flaw in the Zyxel LTE3301-M209 firmware verisons prior to 
V1.00(ABLG ...)
        NOT-FOR-US: Zyxel
 CVE-2022-40601
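Review bot: CVE-2022-40603 is an XSS "in the CGI program of Zyxel ...", and the adjacent CVE-2022-40602 is already NOT-FOR-US: Zyxel; unless the full description names something other than Zyxel firmware, this entry can be triaged the same way rather than left at TODO: check.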
@@ -19917,8 +19948,8 @@ CVE-2022-40261 (An attacker can exploit this 
vulnerability to elevate privileges
        NOT-FOR-US: AMI
 CVE-2022-40260
        RESERVED
-CVE-2022-40259
-       RESERVED
+CVE-2022-40259 (AMI MegaRAC Redfish Arbitrary Code Execution ...)
+       TODO: check
 CVE-2022-40258
        RESERVED
 CVE-2022-40257 (An HTML injection vulnerability exists in CERT/CC VINCE 
software prior ...)
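Review bot: CVE-2022-40259 (AMI MegaRAC Redfish Arbitrary Code Execution) sits directly under CVE-2022-40261, which is already NOT-FOR-US: AMI, and the same update adds CVE-2022-40242 (MegaRAC Default Credentials Vulnerability) and CVE-2022-2827 (AMI MegaRAC User Enumeration Vulnerability). These three MegaRAC entries belong to one batch and should be triaged consistently rather than each left as a separate TODO: check.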
@@ -19951,8 +19982,8 @@ CVE-2022-40244
        RESERVED
 CVE-2022-40243
        RESERVED
-CVE-2022-40242
-       RESERVED
+CVE-2022-40242 (MegaRAC Default Credentials Vulnerability ...)
+       TODO: check
 CVE-2022-40241
        RESERVED
 CVE-2022-40240
@@ -22657,18 +22688,18 @@ CVE-2022-39136 (A vulnerability has been identified 
in JT2Go (All versions &lt;
        NOT-FOR-US: Siemens
 CVE-2022-39135 (In Apache Calcite prior to version 1.32.0 the SQL operators 
EXISTS_NOD ...)
        NOT-FOR-US: Apache Calcite
-CVE-2022-39134
-       RESERVED
-CVE-2022-39133
-       RESERVED
-CVE-2022-39132
-       RESERVED
-CVE-2022-39131
-       RESERVED
-CVE-2022-39130
-       RESERVED
-CVE-2022-39129
-       RESERVED
+CVE-2022-39134 (In audio driver, there is a use after free due to a race 
condition. Th ...)
+       TODO: check
+CVE-2022-39133 (In wlan driver, there is a possible missing bounds check, This 
could l ...)
+       TODO: check
+CVE-2022-39132 (In camera driver, there is a possible out of bounds write due 
to a mis ...)
+       TODO: check
+CVE-2022-39131 (In camera driver, there is a possible memory corruption due to 
imprope ...)
+       TODO: check
+CVE-2022-39130 (In face detect driver, there is a possible out of bounds write 
due to  ...)
+       TODO: check
+CVE-2022-39129 (In face detect driver, there is a possible out of bounds write 
due to  ...)
+       TODO: check
 CVE-2022-39128 (In sensor driver, there is a possible out of bounds write due 
to a mis ...)
        NOT-FOR-US: Unisoc
 CVE-2022-39127 (In sensor driver, there is a possible out of bounds write due 
to a mis ...)
@@ -22713,40 +22744,40 @@ CVE-2022-39108 (In Music service, there is a missing 
permission check. This coul
        NOT-FOR-US: Unisoc
 CVE-2022-39107 (In Soundrecorder service, there is a missing permission check. 
This co ...)
        NOT-FOR-US: Unisoc
-CVE-2022-39106
-       RESERVED
+CVE-2022-39106 (In sensor driver, there is a possible out of bounds write due 
to a mis ...)
+       TODO: check
 CVE-2022-39105 (In sensor driver, there is a possible out of bounds write due 
to a mis ...)
        NOT-FOR-US: Unisoc
 CVE-2022-39104
        RESERVED
 CVE-2022-39103 (In Gallery service, there is a missing permission check. This 
could le ...)
        NOT-FOR-US: Unisoc
-CVE-2022-39102
-       RESERVED
-CVE-2022-39101
-       RESERVED
-CVE-2022-39100
-       RESERVED
-CVE-2022-39099
-       RESERVED
-CVE-2022-39098
-       RESERVED
-CVE-2022-39097
-       RESERVED
-CVE-2022-39096
-       RESERVED
-CVE-2022-39095
-       RESERVED
-CVE-2022-39094
-       RESERVED
-CVE-2022-39093
-       RESERVED
-CVE-2022-39092
-       RESERVED
-CVE-2022-39091
-       RESERVED
-CVE-2022-39090
-       RESERVED
+CVE-2022-39102 (In power management service, there is a missing permission 
check. This ...)
+       TODO: check
+CVE-2022-39101 (In power management service, there is a missing permission 
check. This ...)
+       TODO: check
+CVE-2022-39100 (In power management service, there is a missing permission 
check. This ...)
+       TODO: check
+CVE-2022-39099 (In power management service, there is a missing permission 
check. This ...)
+       TODO: check
+CVE-2022-39098 (In power management service, there is a missing permission 
check. This ...)
+       TODO: check
+CVE-2022-39097 (In power management service, there is a missing permission 
check. This ...)
+       TODO: check
+CVE-2022-39096 (In power management service, there is a missing permission 
check. This ...)
+       TODO: check
+CVE-2022-39095 (In power management service, there is a missing permission 
check. This ...)
+       TODO: check
+CVE-2022-39094 (In power management service, there is a missing permission 
check. This ...)
+       TODO: check
+CVE-2022-39093 (In power management service, there is a missing permission 
check. This ...)
+       TODO: check
+CVE-2022-39092 (In power management service, there is a missing permission 
check. This ...)
+       TODO: check
+CVE-2022-39091 (In power management service, there is a missing permission 
check. This ...)
+       TODO: check
+CVE-2022-39090 (In power management service, there is a missing permission 
check. This ...)
+       TODO: check
 CVE-2022-39089
        RESERVED
 CVE-2022-39088
@@ -25201,8 +25232,8 @@ CVE-2022-2829 (Cross-site Scripting (XSS) - Stored in 
GitHub repository yetiforc
        NOT-FOR-US: yetiforcecrm
 CVE-2022-2828 (In affected versions of Octopus Server it is possible to reveal 
inform ...)
        NOT-FOR-US: Octopus Server
-CVE-2022-2827
-       RESERVED
+CVE-2022-2827 (AMI MegaRAC User Enumeration Vulnerability ...)
+       TODO: check
 CVE-2022-2826 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
 CVE-2022-38362 (Apache Airflow Docker's Provider prior to 3.0.0 shipped with 
an exampl ...)
@@ -25251,10 +25282,10 @@ CVE-2022-38339 (Safe Software FME Server v2021.2.5, 
v2022.0.0.2 and below contai
        NOT-FOR-US: Safe Software FME Server
 CVE-2022-38338
        RESERVED
-CVE-2022-38337
-       RESERVED
-CVE-2022-38336
-       RESERVED
+CVE-2022-38337 (When aborting a SFTP connection, MobaXterm before v22.1 sends 
a hardco ...)
+       TODO: check
+CVE-2022-38336 (An access control issue in MobaXterm before v22.1 allows 
attackers to  ...)
+       TODO: check
 CVE-2022-38335 (Vtiger CRM v7.4.0 was discovered to contain a stored 
cross-site script ...)
        NOT-FOR-US: Vtiger CRM
 CVE-2022-38334 (XPDF v4.04 and earlier was discovered to contain a stack 
overflow via  ...)
@@ -26667,8 +26698,8 @@ CVE-2022-37785
        RESERVED
 CVE-2022-37784
        RESERVED
-CVE-2022-37783
-       RESERVED
+CVE-2022-37783 (All Craft CMS versions between 3.0.0 and 3.7.32 disclose 
password hash ...)
+       TODO: check
 CVE-2022-37782
        RESERVED
 CVE-2022-37781 (fdkaac v1.0.3 was discovered to contain a heap buffer overflow 
via __i ...)
@@ -27861,8 +27892,7 @@ CVE-2022-37340
        RESERVED
 CVE-2022-37326
        RESERVED
-CVE-2022-37325
-       RESERVED
+CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 
18.14.0, an ...)
        - asterisk <unfixed>
        NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30103
        NOTE: https://downloads.asterisk.org/pub/security/AST-2022-007.html
@@ -33273,37 +33303,34 @@ CVE-2022-35262 (A denial of service vulnerability 
exists in the web_server hashF
        NOT-FOR-US: Robustel R1510
 CVE-2022-35261 (A denial of service vulnerability exists in the web_server 
hashFirst f ...)
        NOT-FOR-US: Robustel R1510
-CVE-2022-35260 [.netrc parser out-of-bounds access]
-       RESERVED
+CVE-2022-35260 (curl can be told to parse a `.netrc` file for credentials. If 
that fil ...)
        - curl 7.86.0-1
        [bullseye] - curl <not-affected> (Vulnerable code not present)
        [buster] - curl <not-affected> (Vulnerable code not present)
        NOTE: https://curl.se/docs/CVE-2022-35260.html
        NOTE: introduced by: 
https://github.com/curl/curl/commit/eeaae10c0fb27aa066fdc296074edeacfdeb6522 
(curl-7_84_0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/c97ec984fb2bc919a3aa863e0476dffa377b184c 
(curl-7_86_0)
-CVE-2022-35259
-       RESERVED
-CVE-2022-35258
-       RESERVED
+CVE-2022-35259 (XML Injection with Endpoint Manager 2022. 3 and below causing 
a downlo ...)
+       TODO: check
+CVE-2022-35258 (An unauthenticated attacker can cause a denial-of-service to 
the follo ...)
+       TODO: check
 CVE-2022-35257 (A local privilege escalation vulnerability in UI Desktop for 
Windows ( ...)
        NOT-FOR-US: UI Desktop for Windows
-CVE-2022-35256 [HTTP Request Smuggling Due to Incorrect Parsing of Header 
Fields]
-       RESERVED
+CVE-2022-35256 (The llhttp parser in the http module in Node v18.7.0 does not 
correctl ...)
        - nodejs 18.10.0+dfsg-1
        [buster] - nodejs <not-affected> (llhttp dependency/embedding 
introduced in 12.x)
        - llhttp <itp> (bug #977716)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256
        NOTE: 
https://github.com/nodejs/node/commit/2e92e5b71d071cb989d8d109d278427041a47e44 
(main)
        NOTE: 
https://github.com/nodejs/node/commit/a9f1146b8827855e342834458a71f2367346ace0 
(v14.20.1)
-CVE-2022-35255 [Weak randomness in WebCrypto keygen]
-       RESERVED
+CVE-2022-35255 (A weak randomness in WebCrypto keygen vulnerability exists in 
Node.js  ...)
        - nodejs 18.10.0+dfsg-1
        [buster] - nodejs <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#weak-randomness-in-webcrypto-keygen-high-cve-2022-35255
        NOTE: 
https://github.com/nodejs/node/commit/0c2a5723beff39d1f62daec96b5389da3d427e79 
(v18.9.1)
        NOTE: Introduced by 
https://github.com/nodejs/node/commit/dae283d96fd31ad0f30840a7e55ac97294f505ac 
(v15.0.0)
-CVE-2022-35254
-       RESERVED
+CVE-2022-35254 (An unauthenticated attacker can cause a denial-of-service to 
the follo ...)
+       TODO: check
 CVE-2022-35253 (A vulnerability exists in Hyperledger Fabric &lt;2.4 could 
allow an at ...)
        NOT-FOR-US: Hyperledger Fabric
 CVE-2022-35252 (When curl is used to retrieve and parse cookies from a HTTP(S) 
server, ...)
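Review bot: CVE-2022-35258 and CVE-2022-35254 carry identical truncated descriptions ("An unauthenticated attacker can cause a denial-of-service to the follo ..."), so they are very likely one advisory and should be triaged together, along with CVE-2022-35259 whose description names Endpoint Manager 2022.3. The curl and Node.js entries in this hunk only swap the bracketed working titles for the MITRE text and keep their package, not-affected and NOTE lines, which is the expected shape for an automatic update.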
@@ -34453,8 +34480,8 @@ CVE-2022-34883 (OS Command Injection vulnerability in 
Hitachi RAID Manager Stora
        NOT-FOR-US: Hitachi
 CVE-2022-34882 (Information Exposure Through an Error Message vulnerability in 
Hitachi ...)
        NOT-FOR-US: Hitachi
-CVE-2022-34881
-       RESERVED
+CVE-2022-34881 (Generation of Error Message Containing Sensitive Information 
vulnerabi ...)
+       TODO: check
 CVE-2022-34880
        RESERVED
 CVE-2022-34879 (Reflected Cross Site Scripting (XSS) vulnerabilities in AST 
Agent Time ...)
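Review bot: CVE-2022-34881 ("Generation of Error Message Containing Sensitive Information vulnerability ...") uses the same CWE-style title pattern as CVE-2022-34882 directly above it ("Information Exposure Through an Error Message vulnerability in Hitachi ..."), which is NOT-FOR-US: Hitachi; check whether the full description names Hitachi as well, in which case the same triage applies.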
@@ -41559,8 +41586,7 @@ CVE-2022-32226 (An improper access control 
vulnerability exists in Rocket.Chat &
        NOT-FOR-US: Rockert.Chat
 CVE-2022-32225 (A reflected DOM-Based XSS vulnerability has been discovered in 
the Hel ...)
        NOT-FOR-US: Veeam
-CVE-2022-32224
-       RESERVED
+CVE-2022-32224 (A possible escalation to RCE vulnerability exists when using 
YAML seri ...)
        - rails 2:6.1.6.1+dfsg-1 (bug #1016140)
        NOTE: https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
        NOTE: Fixed by: 
https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a 
(main)
@@ -41574,8 +41600,7 @@ CVE-2022-32222 (A cryptographic vulnerability exists on 
Node.js on linux in vers
        - nodejs <not-affected> (Specific to Node 18 and nodejs-distributed 
binaries)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#attempt-to-read-openssl-cnf-from-home-iojs-build-upon-startup-medium-cve-2022-32222
        NOTE: 
https://github.com/nodejs/node/commit/a5fc2deb43f85dc2195a1fe1683b9c2e7443b001
-CVE-2022-32221 [POST following PUT confusion]
-       RESERVED
+CVE-2022-32221 (When doing HTTP(S) transfers, libcurl might erroneously use 
the read c ...)
        - curl 7.86.0-1
        NOTE: https://curl.se/docs/CVE-2022-32221.html
        NOTE: https://github.com/curl/curl/issues/9507
@@ -47963,15 +47988,13 @@ CVE-2022-30125
        RESERVED
 CVE-2022-30124 (An improper authentication vulnerability exists in Rocket.Chat 
Mobile  ...)
        NOT-FOR-US: Rocket.Chat Mobile App
-CVE-2022-30123 [Possible shell escape sequence injection vulnerability in Rack]
-       RESERVED
+CVE-2022-30123 (A sequence injection vulnerability exists in Rack &lt;2.0.9.1, 
&lt;2.1 ...)
        {DLA-3095-1}
        - ruby-rack 2.2.4-1
        NOTE: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
        NOTE: https://github.com/advisories/GHSA-wq4h-7r42-5hrr
        NOTE: 
https://github.com/rack/rack/commit/b426cc224908ec6ed6eb8729325392b048215d88 
(main)
-CVE-2022-30122 [Denial of Service Vulnerability in Rack Multipart Parsing]
-       RESERVED
+CVE-2022-30122 (A possible denial of service vulnerability exists in Rack 
&lt;2.0.9.1, ...)
        {DLA-3095-1}
        - ruby-rack 2.2.4-1
        NOTE: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
@@ -55038,8 +55061,8 @@ CVE-2022-27774 (An insufficiently protected credentials 
vulnerability exists in
        NOTE: https://curl.se/docs/CVE-2022-27774.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/620ea21410030a9977396b4661806bc187231b79 
(curl-7_83_0)
        NOTE: Followup: 
https://github.com/curl/curl/commit/139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08 
(curl-7_83_0)
-CVE-2022-27773
-       RESERVED
+CVE-2022-27773 (A privilege escalation vulnerability is identified in Ivanti 
EPM (LAND ...)
+       TODO: check
 CVE-2022-27772 (** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to 
version  ...)
        NOT-FOR-US: Spring Boot
 CVE-2022-27771
@@ -60095,8 +60118,8 @@ CVE-2022-25914 (The package 
com.google.cloud.tools:jib-core before 0.22.0 are vu
        NOT-FOR-US: com.google.cloud.tools:jib-core
 CVE-2022-25913
        RESERVED
-CVE-2022-25912
-       RESERVED
+CVE-2022-25912 (The package simple-git before 3.15.0 are vulnerable to Remote 
Code Exe ...)
+       TODO: check
 CVE-2022-25911
        RESERVED
 CVE-2022-25910
@@ -60338,8 +60361,8 @@ CVE-2022-24441 (The package snyk before 1.1064.0 are 
vulnerable to Code Injectio
        TODO: check
 CVE-2022-24440 (The package cocoapods-downloader before 1.6.0, from 1.6.2 and 
before 1 ...)
        NOT-FOR-US: cocoapods-downloader
-CVE-2022-24439
-       RESERVED
+CVE-2022-24439 (All versions of package gitpython are vulnerable to Remote 
Code Execut ...)
+       TODO: check
 CVE-2022-24438
        RESERVED
 CVE-2022-24437 (The package git-pull-or-clone before 2.0.2 are vulnerable to 
Command I ...)
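Review bot: The CVE-2022-24439 description states that all versions of gitpython are vulnerable, so there is no upstream fixed version to compare against; when this TODO: check is resolved the entry needs either a package line with an explicit unfixed marker or a stated not-affected reason, not a version-based dismissal.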
@@ -68286,8 +68309,8 @@ CVE-2022-23469
        RESERVED
 CVE-2022-23468
        RESERVED
-CVE-2022-23467
-       RESERVED
+CVE-2022-23467 (OpenRazer is an open source driver and user-space daemon to 
control Ra ...)
+       TODO: check
 CVE-2022-23466
        RESERVED
 CVE-2022-23465 (SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit 
a94e6b24 ...)
@@ -69696,8 +69719,8 @@ CVE-2022-23145
        RESERVED
 CVE-2022-23144 (There is a broken access control vulnerability in ZTE ZXvSTB 
product.  ...)
        NOT-FOR-US: ZTE
-CVE-2022-23143
-       RESERVED
+CVE-2022-23143 (ZTE OTCP product is impacted by a permission and access 
control vulner ...)
+       TODO: check
 CVE-2022-23142 (ZXEN CG200 has a DoS vulnerability. An attacker could 
construct and se ...)
        NOT-FOR-US: ZXEN CG200
 CVE-2022-23141 (ZXMP M721 has an information leak vulnerability. Since the 
serial port ...)
@@ -95554,8 +95577,8 @@ CVE-2021-39436
        RESERVED
 CVE-2021-39435
        RESERVED
-CVE-2021-39434
-       RESERVED
+CVE-2021-39434 (A default username and password for an administrator account 
was disco ...)
+       TODO: check
 CVE-2021-39433 (A local file inclusion (LFI) vulnerability exists in version 
BIQS IT B ...)
        NOT-FOR-US: BIQS IT Biqs-drive
 CVE-2021-39432 (diplib v3.0.0 is vulnerable to Double Free. ...)
@@ -108566,8 +108589,8 @@ CVE-2021-34183
        REJECTED
 CVE-2021-34182
        RESERVED
-CVE-2021-34181
-       RESERVED
+CVE-2021-34181 (Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via 
p_name par ...)
+       TODO: check
 CVE-2021-34180
        RESERVED
 CVE-2021-34179



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b30ad7c177e4cbd9fc1fbd0759febc427d835bb9



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
