Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d6f88f5 by security tracker role at 2022-12-08T08:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2022-46792 (Hasura GraphQL Engine before 2.15.2 mishandles row-level 
authorization ...)
+       TODO: check
+CVE-2022-46791
+       RESERVED
+CVE-2022-46790
+       RESERVED
+CVE-2022-46789
+       RESERVED
+CVE-2022-46788
+       RESERVED
+CVE-2022-46787
+       RESERVED
+CVE-2022-46786
+       RESERVED
+CVE-2022-46785
+       RESERVED
+CVE-2022-46784
+       RESERVED
+CVE-2022-46783
+       RESERVED
+CVE-2022-46782
+       RESERVED
+CVE-2022-46781
+       RESERVED
+CVE-2022-46780
+       RESERVED
+CVE-2022-46779
+       RESERVED
+CVE-2022-46778
+       RESERVED
+CVE-2022-46777
+       RESERVED
+CVE-2022-46776
+       RESERVED
+CVE-2022-46775
+       RESERVED
+CVE-2022-46774
+       RESERVED
+CVE-2022-46773
+       RESERVED
+CVE-2022-46772
+       RESERVED
+CVE-2022-46771
+       RESERVED
+CVE-2022-46770 (qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x 
through  ...)
+       TODO: check
+CVE-2022-46769
+       RESERVED
+CVE-2022-4346
+       RESERVED
+CVE-2022-4345
+       RESERVED
+CVE-2022-4344
+       RESERVED
+CVE-2022-4343
+       RESERVED
+CVE-2022-4342
+       RESERVED
+CVE-2022-4341 (A vulnerability has been found in csliuwy coder-chain_gdut and 
classif ...)
+       TODO: check
 CVE-2022-46768
        RESERVED
 CVE-2022-46767
@@ -898,8 +958,8 @@ CVE-2022-4292 (Use After Free in GitHub repository vim/vim 
prior to 9.0.0882. ..
        - vim <unfixed>
        NOTE: https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b
        NOTE: 
https://github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93 
(v9.0.0882)
-CVE-2022-4291
-       RESERVED
+CVE-2022-4291 (The aswjsflt.dll library from Avast Antivirus windows contained 
a pote ...)
+       TODO: check
 CVE-2022-4290
        RESERVED
 CVE-2022-4289
@@ -1288,8 +1348,8 @@ CVE-2023-21525
        RESERVED
 CVE-2023-21524
        RESERVED
-CVE-2022-4261
-       RESERVED
+CVE-2022-4261 (Rapid7 Nexpose versions prior to 6.6.172 failed to reliably 
validate t ...)
+       TODO: check
 CVE-2022-4260
        RESERVED
 CVE-2022-4259
@@ -23035,8 +23095,8 @@ CVE-2022-39160
        RESERVED
 CVE-2022-3093
        RESERVED
-CVE-2022-3092
-       RESERVED
+CVE-2022-3092 (GE CIMPICITY versions 2022 and prior is vulnerable to an 
out-of-bounds ...)
+       TODO: check
 CVE-2022-3091
        RESERVED
 CVE-2022-3090 (Red Lion Controls Crimson 3.0 versions 707.000 and prior, 
Crimson 3.1  ...)
@@ -23047,12 +23107,12 @@ CVE-2022-3088 (UC-8100A-ME-T System Image: Versions 
v1.0 to v1.6, UC-2100 System
        NOT-FOR-US: Moxa
 CVE-2022-3087
        RESERVED
-CVE-2022-3086 (An attacker with physical access to Moxa's bootloader versions 
of UC-8 ...)
+CVE-2022-3086 (Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are 
vulnerabl ...)
        NOT-FOR-US: Moxa
 CVE-2022-3085
        RESERVED
-CVE-2022-3084
-       RESERVED
+CVE-2022-3084 (GE CIMPICITY versions 2022 and prior is vulnerable when data 
from a fa ...)
+       TODO: check
 CVE-2022-3083
        RESERVED
 CVE-2022-39189 (An issue was discovered the x86 KVM subsystem in the Linux 
kernel befo ...)
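Review bot: the triage line under CVE-2022-3086 no longer matches its description. The description now reads "Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior", but the unchanged line below it is still "NOT-FOR-US: Moxa". That tag was written for the previous Moxa bootloader text and should be re-triaged by hand, for example as NOT-FOR-US: Cradlepoint if the product is not packaged. In the same hunk, CVE-2022-3084 (GE CIMPICITY) arrives as TODO: check and needs its own decision rather than inheriting anything from the vendor entries around it.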
@@ -24561,16 +24621,16 @@ CVE-2022-2953 (LibTIFF 4.4.0 has an out-of-bounds 
read in extractImageSection in
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
        NOTE: Crash in CLI tool, no security impact
-CVE-2022-2952
-       RESERVED
+CVE-2022-2952 (GE CIMPICITY versions 2022 and prior is vulnerable when data 
from a fa ...)
+       TODO: check
 CVE-2022-2951
        RESERVED
 CVE-2022-2950
        RESERVED
 CVE-2022-2949
        RESERVED
-CVE-2022-2948
-       RESERVED
+CVE-2022-2948 (GE CIMPICITY versions 2022 and prior is vulnerable to a 
heap-based buf ...)
+       TODO: check
 CVE-2022-2947
        RESERVED
 CVE-2022-38666 (Jenkins NS-ND Integration Performance Publisher Plugin 
4.8.0.146 and e ...)
@@ -41236,8 +41296,8 @@ CVE-2022-2004 (AutomationDirect DirectLOGIC is 
vulnerable to a a specially craft
        NOT-FOR-US: AutomationDirect
 CVE-2022-2003 (AutomationDirect DirectLOGIC is vulnerable to a specifically 
crafted s ...)
        NOT-FOR-US: AutomationDirect
-CVE-2022-2002
-       RESERVED
+CVE-2022-2002 (GE CIMPICITY versions 2022 and prior is vulnerable when data 
from faul ...)
+       TODO: check
 CVE-2022-2001 (The DX Share Selection plugin for WordPress is vulnerable to 
Cross-Sit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-32498 (Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL 
Hijackin ...)
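Review bot: CVE-2022-2002 is left at TODO: check while both neighbouring entries, CVE-2022-2004 and CVE-2022-2003, are already closed with a NOT-FOR-US line naming the vendor. This commit sets the same GE CIMPICITY product to TODO: check on CVE-2022-3092, CVE-2022-3084, CVE-2022-2952 and CVE-2022-2948 as well, so the five entries are best triaged in one follow-up with a single consistent tag instead of being resolved one at a time with differing wording.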
@@ -68695,20 +68755,20 @@ CVE-2022-23494
        RESERVED
 CVE-2022-23493
        RESERVED
-CVE-2022-23492
-       RESERVED
-CVE-2022-23491
-       RESERVED
+CVE-2022-23492 (go-libp2p is the offical libp2p implementation in the Go 
programming l ...)
+       TODO: check
+CVE-2022-23491 (Certifi is a curated collection of Root Certificates for 
validating th ...)
+       TODO: check
 CVE-2022-23490
        RESERVED
 CVE-2022-23489
        RESERVED
 CVE-2022-23488
        RESERVED
-CVE-2022-23487
-       RESERVED
-CVE-2022-23486
-       RESERVED
+CVE-2022-23487 (js-libp2p is the official javascript Implementation of libp2p 
networki ...)
+       TODO: check
+CVE-2022-23486 (libp2p-rust is the official rust language Implementation of 
the libp2p ...)
+       TODO: check
 CVE-2022-23485
        RESERVED
 CVE-2022-23484
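Review bot: CVE-2022-23492, CVE-2022-23487 and CVE-2022-23486 are all left at TODO: check, and their descriptions name the Go, JavaScript and Rust implementations of libp2p respectively. They read as sibling reports and should be triaged together, with a NOTE on each pointing at the others, so that one implementation is not marked while the rest stay open. CVE-2022-23491 (Certifi, described as a collection of root certificates) sits in the same block; because it concerns trust anchors rather than a single application, it deserves priority over the other TODO: check entries added here.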
@@ -68727,8 +68787,8 @@ CVE-2022-23478
        RESERVED
 CVE-2022-23477
        RESERVED
-CVE-2022-23476
-       RESERVED
+CVE-2022-23476 (Nokogiri is an open source XML and HTML library for the Ruby 
programmi ...)
+       TODO: check
 CVE-2022-23475 (daloRADIUS is an open source RADIUS web management 
application. daloRa ...)
        TODO: check
 CVE-2022-23474
@@ -68737,8 +68797,7 @@ CVE-2022-23473
        RESERVED
 CVE-2022-23472 (Passeo is an open source python password generator. Versions 
prior to  ...)
        TODO: check
-CVE-2022-23471 [CRI plugin: Fix goroutine leak during Exec]
-       RESERVED
+CVE-2022-23471 (containerd is an open source container runtime. A bug was 
found in con ...)
        - containerd 1.6.12~ds1-1
        NOTE: 
https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9
        NOTE: 
https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0
@@ -110622,7 +110681,7 @@ CVE-2021-40528 (The ElGamal implementation in 
Libgcrypt before 1.9.4 allows plai
        NOTE: CVE-2021-40528 and CVE-2021-33560.
 CVE-2021-33559
        RESERVED
-CVE-2021-33558 (Boa 0.94.13 allows remote attackers to obtain sensitive 
information vi ...)
+CVE-2021-33558 (** DISPUTED ** Boa 0.94.13 allows remote attackers to obtain 
sensitive ...)
        - boa <removed>
 CVE-2021-33557 (An XSS issue was discovered in 
manage_custom_field_edit_page.php in Ma ...)
        - mantis <removed>
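Review bot: CVE-2021-33558 now has "** DISPUTED **" in its description, but the entry body is still only "- boa <removed>", with no NOTE recording what is disputed or by whom. CVE-2017-9833, which gets the same marker later in this commit, has NOTE lines explaining why the report does not apply to Boa itself. A comparable NOTE here would let a reader of data/CVE/list judge the dispute without leaving the file.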
@@ -359603,7 +359662,7 @@ CVE-2017-9835 (The gs_alloc_ref_array function in 
psi/ialloc.c in Artifex Ghosts
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066
 (ghostpdl-9.22rc1)
 CVE-2017-9834 (SQL injection vulnerability in the WatuPRO plugin before 
5.5.3.7 for W ...)
        NOT-FOR-US: WatuPRO plugin for WordPress
-CVE-2017-9833 (/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the 
injection of  ...)
+CVE-2017-9833 (** DISPUTED ** /cgi-bin/wapopen in Boa 0.94.14rc21 allows the 
injectio ...)
        NOT-FOR-US: Undetermined product
        NOTE: /wapopen is not part of BOA, it's probably an insecure CGI
        NOTE: script used in some embedded product relying on BOA as webserver.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d6f88f51f6f5d93ac224da24ee1461a61c55328
