[Git][security-tracker-team/security-tracker][master] automatic update

Sun, 25 Dec 2022 12:10:39 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4eb03e48 by security tracker role at 2022-12-25T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2022-4735 (A vulnerability classified as problematic was found in 
asrashley dash- ...)
+       TODO: check
+CVE-2021-4278 (A vulnerability classified as problematic has been found in 
cronvel tr ...)
+       TODO: check
+CVE-2019-25084 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
 CVE-2022-47952
        RESERVED
 CVE-2022-47951
@@ -16,8 +22,8 @@ CVE-2022-4733 (Cross-site Scripting (XSS) - Stored in GitHub 
repository openemr/
        NOT-FOR-US: OpenEMR
 CVE-2022-4732 (Unrestricted Upload of File with Dangerous Type in GitHub 
repository m ...)
        NOT-FOR-US: microweber
-CVE-2022-4731
-       RESERVED
+CVE-2022-4731 (A vulnerability, which was classified as problematic, was found 
in mya ...)
+       TODO: check
 CVE-2022-4730 (A vulnerability was found in Graphite Web. It has been 
classified as p ...)
        - graphite-web <unfixed>
        NOTE: 
https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23
@@ -39,16 +45,16 @@ CVE-2022-4726 (A vulnerability classified as critical was 
found in SourceCodeste
        NOT-FOR-US: SourceCodester Sanitization Management System
 CVE-2022-4725 (A vulnerability was found in AWS SDK 2.59.0. It has been rated 
as crit ...)
        TODO: check
-CVE-2021-4277
-       RESERVED
-CVE-2021-4276
-       RESERVED
-CVE-2020-36629
-       RESERVED
-CVE-2020-36628
-       RESERVED
-CVE-2020-36627
-       RESERVED
+CVE-2021-4277 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2021-4276 (** UNSUPPORTED WHEN ASSIGNED ** ** DISPUTED ** A vulnerability 
was fou ...)
+       TODO: check
+CVE-2020-36629 (A vulnerability classified as critical was found in SimbCo 
httpster. T ...)
+       TODO: check
+CVE-2020-36628 (A vulnerability classified as critical has been found in 
Calsign APDE. ...)
+       TODO: check
+CVE-2020-36627 (A vulnerability was found in Macaron i18n. It has been 
declared as pro ...)
+       TODO: check
 CVE-2020-36626 (A vulnerability classified as critical has been found in 
Modern Tribe  ...)
        NOT-FOR-US: Modern Tribe Panel Builder Plugin
 CVE-2022-47946 (An issue was discovered in the Linux kernel 5.10.x before 
5.10.155. A  ...)
@@ -22755,16 +22761,14 @@ CVE-2022-41322 (In Kitty before 0.26.2, insufficient 
validation in the desktop n
        [bullseye] - kitty <no-dsa> (Minor issue)
        [buster] - kitty <no-dsa> (Minor issue)
        NOTE: 
https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f
 (v0.26.2)
-CVE-2022-41318 [Buffer Over Read in SSPI and SMB Authentication]
-       RESERVED
+CVE-2022-41318 (A buffer over-read was discovered in libntlmauth in Squid 2.5 
through  ...)
        {DSA-5258-1 DLA-3151-1}
        - squid 5.7-1 (bug #1020586)
        - squid3 <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/2
        NOTE: Squid 4: 
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch
        NOTE: Squid 5: 
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch (5.7)
-CVE-2022-41317 [Exposure of Sensitive Information in Cache Manager]
-       RESERVED
+CVE-2022-41317 (An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 
through 5. ...)
        {DSA-5258-1 DLA-3151-1}
        - squid 5.7-1 (bug #1020587)
        - squid3 <removed>
@@ -25891,8 +25895,8 @@ CVE-2022-40007
        RESERVED
 CVE-2022-40006
        RESERVED
-CVE-2022-40005
-       RESERVED
+CVE-2022-40005 (Intelbras WiFiber 120AC inMesh before 1-1-220826 allows 
command inject ...)
+       TODO: check
 CVE-2022-40004 (Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 
allows  ...)
        NOT-FOR-US: Things Board
 CVE-2022-40003
@@ -32216,8 +32220,7 @@ CVE-2022-37708
        RESERVED
 CVE-2022-37707
        RESERVED
-CVE-2022-37706
-       RESERVED
+CVE-2022-37706 (enlightenment_sys in Enlightenment before 0.25.4 allows local 
users to ...)
        {DSA-5233-1 DLA-3115-1}
        - e17 0.25.4-1
        NOTE: https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4eb03e489c2259e423ad31d94c90e35284d16894

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4eb03e489c2259e423ad31d94c90e35284d16894
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to