Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
99b910c0 by security tracker role at 2022-12-28T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,143 @@
+CVE-2022-4817 (A vulnerability was found in centic9 jgit-cookbook. It has been
declar ...)
+ TODO: check
+CVE-2022-4816
+ RESERVED
+CVE-2022-4815
+ RESERVED
+CVE-2022-4814 (Improper Access Control in GitHub repository usememos/memos
prior to 0 ...)
+ TODO: check
+CVE-2022-4813 (Insufficient Granularity of Access Control in GitHub repository
usemem ...)
+ TODO: check
+CVE-2022-4812 (Comparison of Object References Instead of Object Contents in
GitHub r ...)
+ TODO: check
+CVE-2022-4811 (Improper Authorization in GitHub repository usememos/memos
prior to 0. ...)
+ TODO: check
+CVE-2022-4810 (Improper Access Control in GitHub repository usememos/memos
prior to 0 ...)
+ TODO: check
+CVE-2022-4809 (Improper Access Control in GitHub repository usememos/memos
prior to 0 ...)
+ TODO: check
+CVE-2022-4808 (Improper Privilege Management in GitHub repository
usememos/memos prio ...)
+ TODO: check
+CVE-2022-4807 (Improper Access Control in GitHub repository usememos/memos
prior to 0 ...)
+ TODO: check
+CVE-2022-4806 (Improper Access Control in GitHub repository usememos/memos
prior to 0 ...)
+ TODO: check
+CVE-2022-4805 (Incorrect Use of Privileged APIs in GitHub repository
usememos/memos p ...)
+ TODO: check
+CVE-2022-4804 (Improper Authorization in GitHub repository usememos/memos
prior to 0. ...)
+ TODO: check
+CVE-2022-4803 (Improper Access Control in GitHub repository usememos/memos
prior to 0 ...)
+ TODO: check
+CVE-2022-4802 (Improper Authorization in GitHub repository usememos/memos
prior to 0. ...)
+ TODO: check
+CVE-2022-4801 (Insufficient Granularity of Access Control in GitHub repository
usemem ...)
+ TODO: check
+CVE-2022-4800 (Improper Verification of Source of a Communication Channel in
GitHub r ...)
+ TODO: check
+CVE-2022-47990
+ RESERVED
+CVE-2022-4799 (Improper Authentication in GitHub repository usememos/memos
prior to 0 ...)
+ TODO: check
+CVE-2022-47989
+ RESERVED
+CVE-2022-47988
+ RESERVED
+CVE-2022-47987
+ RESERVED
+CVE-2022-47986
+ RESERVED
+CVE-2022-47985
+ RESERVED
+CVE-2022-47984
+ RESERVED
+CVE-2022-47983
+ RESERVED
+CVE-2022-47982
+ RESERVED
+CVE-2022-47981
+ RESERVED
+CVE-2022-47980
+ RESERVED
+CVE-2022-4798 (Improper Authorization in GitHub repository usememos/memos
prior to 0. ...)
+ TODO: check
+CVE-2022-47979
+ RESERVED
+CVE-2022-47978
+ RESERVED
+CVE-2022-47977
+ RESERVED
+CVE-2022-47976
+ RESERVED
+CVE-2022-47975
+ RESERVED
+CVE-2022-47974
+ RESERVED
+CVE-2022-4797 (Improper Restriction of Excessive Authentication Attempts in
GitHub re ...)
+ TODO: check
+CVE-2022-4796 (Incorrect Use of Privileged APIs in GitHub repository
usememos/memos p ...)
+ TODO: check
+CVE-2022-4795
+ RESERVED
+CVE-2022-4794
+ RESERVED
+CVE-2022-4793
+ RESERVED
+CVE-2022-4792
+ RESERVED
+CVE-2022-4791
+ RESERVED
+CVE-2022-4790
+ RESERVED
+CVE-2022-4789
+ RESERVED
+CVE-2022-4788
+ RESERVED
+CVE-2022-4787
+ RESERVED
+CVE-2022-4786
+ RESERVED
+CVE-2022-4785
+ RESERVED
+CVE-2022-4784
+ RESERVED
+CVE-2022-4783
+ RESERVED
+CVE-2022-4782
+ RESERVED
+CVE-2022-4781
+ RESERVED
+CVE-2022-4780 (ISOS firmwares from versions 1.81 to 2.00 contain hardcoded
credential ...)
+ TODO: check
+CVE-2022-4779 (StreamX applications from versions 6.02.01 to 6.04.34 are
affected by ...)
+ TODO: check
+CVE-2022-4778 (StreamX applications from versions 6.02.01 to 6.04.34 are
affected by ...)
+ TODO: check
+CVE-2021-46868
+ RESERVED
+CVE-2021-46867
+ RESERVED
+CVE-2021-4294 (A vulnerability was found in OpenShift OSIN. It has been
classified as ...)
+ TODO: check
+CVE-2021-4293 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as
problema ...)
+ TODO: check
+CVE-2019-25092 (A vulnerability classified as problematic was found in Nakiami
Mellivo ...)
+ TODO: check
+CVE-2018-25056 (A vulnerability, which was classified as problematic, was
found in yol ...)
+ TODO: check
+CVE-2018-25055 (A vulnerability was found in FarCry Solr Pro Plugin up to
1.5.x. It ha ...)
+ TODO: check
+CVE-2018-25054 (A vulnerability was found in shred cilla. It has been
classified as pr ...)
+ TODO: check
+CVE-2018-25053 (A vulnerability was found in moappi Json2html up to 1.1.x and
classifi ...)
+ TODO: check
+CVE-2018-25052 (A vulnerability has been found in Catalyst-Plugin-Session up
to 0.40 a ...)
+ TODO: check
+CVE-2018-25051 (A vulnerability, which was classified as problematic, was
found in JmP ...)
+ TODO: check
+CVE-2018-25050 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2017-20150 (A vulnerability was found in challenge website. It has been
rated as c ...)
+ TODO: check
CVE-2022-XXXX [RUSTSEC-2022-0074]
- rust-prettytable-rs <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0074.html
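Review bot: Every described entry added at the top of data/CVE/list, from CVE-2022-4817 down to CVE-2017-20150, lands with only `TODO: check`, and many of them name the same upstream, GitHub repository usememos/memos. Suggest resolving that group in one follow-up commit with a single consistent annotation instead of entry by entry, so the batch does not end up in mixed states. CVE-2022-4812, CVE-2022-4800 and CVE-2022-4797 are truncated before the repository name ("GitHub r ..."), so they need the full description before being grouped with the rest.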
@@ -5287,8 +5427,8 @@ CVE-2022-46742 (Code injection in
paddle.audio.functional.get_window in PaddlePa
NOT-FOR-US: PaddlePaddle
CVE-2022-46741 (Out-of-bounds read in gather_tree in PaddlePaddle before 2.4.
...)
NOT-FOR-US: PaddlePaddle
-CVE-2022-46740
- RESERVED
+CVE-2022-46740 (There is a denial of service vulnerability in the Wi-Fi module
of the ...)
+ TODO: check
CVE-2022-46728
RESERVED
CVE-2022-46727
@@ -7761,8 +7901,8 @@ CVE-2022-45877 (OpenHarmony-v3.1.4 and prior versions had
an vulnerability. PIN
NOT-FOR-US: OpenHarmony
CVE-2022-45875
RESERVED
-CVE-2022-45874
- RESERVED
+CVE-2022-45874 (Huawei Aslan Children's Watch has an improper authorization
vulnerabil ...)
+ TODO: check
CVE-2022-45126
RESERVED
CVE-2022-45118 (OpenHarmony-v3.1.2 and prior versions had a vulnerability that
telepho ...)
@@ -10107,8 +10247,8 @@ CVE-2022-3924
RESERVED
CVE-2022-3923
RESERVED
-CVE-2022-3922
- RESERVED
+CVE-2022-3922 (The Broken Link Checker WordPress plugin before 1.11.20 does
not sanit ...)
+ TODO: check
CVE-2022-45134
RESERVED
CVE-2022-45133
@@ -12696,8 +12836,8 @@ CVE-2022-44566
RESERVED
CVE-2022-44565 (An improper access validation vulnerability exists in airMAX
AC <8. ...)
TODO: check
-CVE-2022-44564
- RESERVED
+CVE-2022-44564 (Huawei Aslan Children's Watch has a path traversal
vulnerability. Succ ...)
+ TODO: check
CVE-2022-3811
RESERVED
CVE-2022-3810 (A vulnerability was found in Axiomatic Bento4. It has been
classified ...)
@@ -22253,8 +22393,8 @@ CVE-2022-41581 (The HW_KEYMASTER module has a
vulnerability of not verifying the
NOT-FOR-US: Huawei
CVE-2022-41580 (The HW_KEYMASTER module has a vulnerability of not verifying
the data ...)
NOT-FOR-US: Huawei
-CVE-2022-41579
- RESERVED
+CVE-2022-41579 (There is an insufficient authentication vulnerability in some
Huawei b ...)
+ TODO: check
CVE-2022-41578 (The MPTCP module has an out-of-bounds write
vulnerability.Successful e ...)
NOT-FOR-US: Huawei
CVE-2022-41577 (The kernel server has a vulnerability of not verifying the
length of t ...)
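Review bot: CVE-2022-41579 moves from RESERVED to `TODO: check` in the middle of a run of entries already marked `NOT-FOR-US: Huawei` (CVE-2022-41580 above, CVE-2022-41578 below), and its truncated description reads "some Huawei b ...". Once the full description is checked it likely belongs under the same annotation; until then it stays in the open triage queue next to neighbours that are already closed.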
@@ -28859,8 +28999,8 @@ CVE-2022-39014 (Under certain conditions SAP
BusinessObjects Business Intelligen
NOT-FOR-US: SAP
CVE-2022-39013 (Under certain conditions an authenticated attacker can get
access to O ...)
NOT-FOR-US: SAP
-CVE-2022-39012
- RESERVED
+CVE-2022-39012 (Huawei Aslan Children's Watch has an improper input validation
vulnera ...)
+ TODO: check
CVE-2022-39011 (The HISP module has a vulnerability of bypassing the check of
the data ...)
NOT-FOR-US: Huawei
CVE-2022-39010 (The HwChrService module has a vulnerability in permission
control. Suc ...)
@@ -31351,8 +31491,8 @@ CVE-2022-38204
RESERVED
CVE-2022-38203
RESERVED
-CVE-2022-38202
- RESERVED
+CVE-2022-38202 (There is a path traversal vulnerability in Esri ArcGIS Server
versions ...)
+ TODO: check
CVE-2022-38201 (An unvalidated redirect vulnerability exists in Esri Portal
for ArcGIS ...)
NOT-FOR-US: Esri Portal for ArcGIS Quick Capture Web Designer
CVE-2022-38200 (A cross site scripting vulnerability exists in some map
service config ...)
@@ -72289,7 +72429,8 @@ CVE-2022-23969
RESERVED
CVE-2022-23968 (Xerox VersaLink devices on specific versions of firmware
before 2022-0 ...)
NOT-FOR-US: Xerox
-CVE-2022-23967 (In TightVNC 1.3.10, there is an integer signedness error and
resultant ...)
+CVE-2022-23967
+ REJECTED
- tightvnc 1:1.3.9-9.1 (bug #1007239)
[buster] - tightvnc 1:1.3.9-9deb10u1
[stretch] - tightvnc 1:1.3.9-9+deb9u1
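Review bot: CVE-2022-23967 is now REJECTED, but the package lines under it are left in place: `- tightvnc 1:1.3.9-9.1 (bug #1007239)` plus the [buster] and [stretch] fixed versions. The automatic update only swaps the header, so this needs a manual follow-up: check whether the TightVNC integer signedness issue is now tracked under a different id and move the tightvnc lines and the bug reference there, otherwise the fixed versions remain attached to a rejected id.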
@@ -73860,10 +74001,10 @@ CVE-2022-23556 (CodeIgniter is a PHP full-stack web
framework. This vulnerabilit
- codeigniter <itp> (bug #471583)
CVE-2022-23555 (authentik is an open-source Identity Provider focused on
flexibility a ...)
TODO: check
-CVE-2022-23554
- RESERVED
-CVE-2022-23553
- RESERVED
+CVE-2022-23554 (Alpine is a scaffolding library in Java. Alpine prior to
version 1.10. ...)
+ TODO: check
+CVE-2022-23553 (Alpine is a scaffolding library in Java. Alpine prior to
version 1.10. ...)
+ TODO: check
CVE-2022-23552
RESERVED
CVE-2022-23551 (aad-pod-identity assigns Azure Active Directory identities to
Kubernet ...)
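Review bot: CVE-2022-23554 and CVE-2022-23553 both get the same visible text, "Alpine is a scaffolding library in Java. Alpine prior to version 1.10.", cut off before the actual issue. When resolving the two `TODO: check` lines, triage on the full description and not on the product name, since the name alone does not identify which source package, if any, is meant. The two entries should receive the same outcome unless their full descriptions differ.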
@@ -92375,7 +92516,8 @@ CVE-2022-20533 (In getSlice of WifiSlice.java, there is
a possible way to connec
NOT-FOR-US: Android
CVE-2022-20532
RESERVED
-CVE-2022-20531 (In placeCall of TelecomManager.java, there is a possible way
to determ ...)
+CVE-2022-20531
+ REJECTED
NOT-FOR-US: Android
CVE-2022-20530 (In strings.xml, there is a possible permission bypass due to a
mislead ...)
NOT-FOR-US: Android
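Review bot: At CVE-2022-20531 the description is replaced by REJECTED while the existing `NOT-FOR-US: Android` line is kept underneath. No package is referenced, so nothing breaks, but the placeCall/TelecomManager.java text that justified the annotation is no longer in the file. Worth confirming in follow-up that keeping the annotation on a rejected id is intended.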
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99b910c03c0e5159500bae112c191ae01ce365e3