Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 66c61060 by security tracker role at 2022-11-11T08:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,27 @@ +CVE-2022-45146 + RESERVED +CVE-2022-45145 + RESERVED +CVE-2022-45144 + RESERVED +CVE-2022-3941 + RESERVED +CVE-2022-3940 + RESERVED +CVE-2022-3939 + RESERVED +CVE-2022-3938 + RESERVED +CVE-2022-3937 + RESERVED +CVE-2022-3936 + RESERVED +CVE-2022-3935 + RESERVED +CVE-2022-3934 + RESERVED +CVE-2022-3933 + RESERVED CVE-2022-45143 RESERVED CVE-2022-45142 @@ -290,21 +314,27 @@ CVE-2022-3891 CVE-2022-45045 RESERVED CVE-2022-3890 (Heap buffer overflow in Crashpad in Google Chrome on Android prior to ...) + {DSA-5275-1} - chromium 107.0.5304.110-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2022-3889 (Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed ...) + {DSA-5275-1} - chromium 107.0.5304.110-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2022-3888 (Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 a ...) + {DSA-5275-1} - chromium 107.0.5304.110-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2022-3887 (Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 ...) + {DSA-5275-1} - chromium 107.0.5304.110-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2022-3886 (Use after free in Speech Recognition in Google Chrome prior to 107.0.5 ...) + {DSA-5275-1} - chromium 107.0.5304.110-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2022-3885 (Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed ...) + {DSA-5275-1} - chromium 107.0.5304.110-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2022-3884 
@@ -6187,8 +6217,8 @@ CVE-2022-3704 (A vulnerability classified as problematic has been found in Ruby - rails <unfixed> NOTE: https://github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4 NOTE: https://github.com/rails/rails/issues/46244 -CVE-2022-3703 - RESERVED +CVE-2022-3703 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...) + TODO: check CVE-2022-3702 RESERVED CVE-2022-3701 @@ -6406,8 +6436,8 @@ CVE-2022-43680 (In libexpat through 2.4.9, there is a use-after free caused by o NOTE: https://github.com/libexpat/libexpat/pull/650 NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/5290462a7ea1278a8d5c0d5b2860d4e244f997e4 (R_2_5_0) NOTE: Testcase: https://github.com/libexpat/libexpat/commit/43992e4ae25fc3dc0eec0cd3a29313555d56aee2 (R_2_5_0) -CVE-2022-43679 - RESERVED +CVE-2022-43679 (The Docker image of ownCloud Server through 10.11 contains a misconfig ...) + TODO: check CVE-2022-43678 RESERVED CVE-2022-43677 (In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP ...) @@ -6924,8 +6954,8 @@ CVE-2022-42462 RESERVED CVE-2022-42461 RESERVED -CVE-2022-42460 - RESERVED +CVE-2022-42460 (Broken Access Control vulnerability leading to Stored Cross-Site Scrip ...) + TODO: check CVE-2022-42459 RESERVED CVE-2022-41996 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada p ...) @@ -8012,8 +8042,8 @@ CVE-2022-43076 (A cross-site scripting (XSS) vulnerability in /admin/edit-admin. NOT-FOR-US: Web-Based Student Clearance System CVE-2022-43075 RESERVED -CVE-2022-43074 - RESERVED +CVE-2022-43074 (AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulne ...) + TODO: check CVE-2022-43073 RESERVED CVE-2022-43072 @@ -11064,8 +11094,8 @@ CVE-2022-41894 RESERVED CVE-2022-41893 RESERVED -CVE-2022-41892 - RESERVED +CVE-2022-41892 (Arches is a web platform for creating, managing, & visualizing geo ...) + TODO: check CVE-2022-41891 RESERVED CVE-2022-41890 
@@ -11090,20 +11120,20 @@ CVE-2022-41881 RESERVED CVE-2022-41880 RESERVED -CVE-2022-41879 - RESERVED -CVE-2022-41878 - RESERVED +CVE-2022-41879 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2022-41878 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check CVE-2022-41877 RESERVED -CVE-2022-41876 - RESERVED +CVE-2022-41876 (ezplatform-graphql is a GraphQL server implementation for Ibexa DXP an ...) + TODO: check CVE-2022-41875 RESERVED CVE-2022-41874 (Tauri is a framework for building binaries for all major desktop platf ...) NOT-FOR-US: Tauri -CVE-2022-41873 - RESERVED +CVE-2022-41873 (Contiki-NG is an open-source, cross-platform operating system for Next ...) + TODO: check CVE-2022-41872 RESERVED CVE-2022-41871 @@ -11362,14 +11392,14 @@ CVE-2022-41627 (The physical IoT device of the AliveCor's KardiaMobile, a smartp NOT-FOR-US: AliveCor CVE-2022-41613 RESERVED -CVE-2022-41607 - RESERVED +CVE-2022-41607 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...) + TODO: check CVE-2022-41555 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...) NOT-FOR-US: DIAEnergie CVE-2022-41133 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...) NOT-FOR-US: DIAEnergie -CVE-2022-40981 - RESERVED +CVE-2022-40981 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...) + TODO: check CVE-2022-40967 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...) NOT-FOR-US: DIAEnergie CVE-2022-40965 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...) @@ -11538,8 +11568,8 @@ CVE-2022-41721 RESERVED CVE-2022-41720 RESERVED -CVE-2022-41719 - RESERVED +CVE-2022-41719 (Unmarshal can panic on some inputs, possibly allowing for denial of se ...) + TODO: check CVE-2022-41718 RESERVED CVE-2022-41717 
@@ -15229,7 +15259,7 @@ CVE-2022-40227 (A vulnerability has been identified in SIMATIC HMI Comfort Panel CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All versions < V ...) NOT-FOR-US: Siemens CVE-2022-40225 - RESERVED + REJECTED CVE-2022-40200 RESERVED CVE-2022-40198 @@ -17128,20 +17158,20 @@ CVE-2022-39396 (Parse Server is an open source backend that can be deployed to a NOT-FOR-US: Node parse-server CVE-2022-39395 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...) TODO: check -CVE-2022-39394 - RESERVED -CVE-2022-39393 - RESERVED -CVE-2022-39392 - RESERVED +CVE-2022-39394 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...) + TODO: check +CVE-2022-39393 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...) + TODO: check +CVE-2022-39392 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...) + TODO: check CVE-2022-39391 RESERVED CVE-2022-39390 REJECTED CVE-2022-39389 RESERVED -CVE-2022-39388 - RESERVED +CVE-2022-39388 (Istio is an open platform to connect, manage, and secure microservices ...) + TODO: check CVE-2022-39387 (XWiki OIDC has various tools to manipulate OpenID Connect protocol in ...) NOT-FOR-US: XWiki CVE-2022-39386 (@fastify/websocket provides WebSocket support for Fastify. Any applica ...) 
@@ -20993,17 +21023,20 @@ CVE-2022-38130 (The com.keysight.tentacle.config.ResourceManager.smsRestoreDatab NOT-FOR-US: Keysight Sensor Management Server CVE-2022-38129 (A path traversal vulnerability exists in the com.keysight.tentacle.lic ...) NOT-FOR-US: Keysight Sensor Management Server -CVE-2022-38128 (An infinite loop may be triggered in display_debug_abbrev() function i ...) +CVE-2022-38128 + REJECTED - binutils <unfixed> (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29370 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=695c6dfe7e85006b98c8b746f3fd5f913c94ebff NOTE: binutils not covered by security support -CVE-2022-38127 (A NULL pointer dereference in the read_and_display_attr_value() functi ...) +CVE-2022-38127 + REJECTED - binutils 2.38.50.20220627-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29290 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e98e7d9a70dcc987bff0e925f20b78cd4a2979ed NOTE: binutils not covered by security support -CVE-2022-38126 (Assertion fail in the display_debug_names() function in binutils/dwarf ...) +CVE-2022-38126 + REJECTED - binutils 2.38.50.20220627-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29289 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5 @@ -24157,8 +24190,8 @@ CVE-2022-36940 RESERVED CVE-2022-36939 RESERVED -CVE-2022-36938 - RESERVED +CVE-2022-36938 (DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b ...) + TODO: check CVE-2022-36937 RESERVED CVE-2022-36936 
@@ -27156,8 +27189,8 @@ CVE-2022-2397 RESERVED CVE-2022-2396 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: Simple e-Learning System -CVE-2022-35740 - RESERVED +CVE-2022-35740 (dotCMS before 22.06 allows remote attackers to bypass intended access ...) + TODO: check CVE-2022-35739 (PRTG Network Monitor through 22.2.77.2204 does not prevent custom inpu ...) NOT-FOR-US: PRTG Network Monitor CVE-2022-35738 @@ -46891,7 +46924,7 @@ CVE-2022-28750 (Zoom On-Premise Meeting Connector Zone Controller (ZC) before ve CVE-2022-28749 (Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 ...) NOT-FOR-US: Zoom CVE-2022-28748 - RESERVED + REJECTED CVE-2022-28747 (Key reuse in GoSecure Titan Inbox Detection & Response (IDR) throu ...) NOT-FOR-US: GoSecure Titan Inbox Detection & Response (IDR) CVE-2022-28746 @@ -54836,8 +54869,8 @@ CVE-2022-26090 (Improper access control vulnerability in SamsungContacts prior t NOT-FOR-US: Samsung CVE-2022-26089 RESERVED -CVE-2022-26088 - RESERVED +CVE-2022-26088 (An issue was discovered in BMC Remedy before 22.1. Email-based Inciden ...) + TODO: check CVE-2022-0761 RESERVED CVE-2022-0760 (The Simple Link Directory WordPress plugin before 7.7.2 does not valid ...) @@ -58046,8 +58079,8 @@ CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF attac - jspwiki <removed> CVE-2022-24946 (Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC ...) NOT-FOR-US: Mitsubishi -CVE-2022-24945 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...) - TODO: check +CVE-2022-24945 + REJECTED CVE-2022-24944 RESERVED CVE-2022-24943 
@@ -65936,7 +65969,7 @@ CVE-2022-22810 (A CWE-307: Improper Restriction of Excessive Authentication Atte NOT-FOR-US: Schneider Electric CVE-2022-22809 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) NOT-FOR-US: Schneider Electric -CVE-2022-22808 (A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulne ...) +CVE-2022-22808 (A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a ...) NOT-FOR-US: Schneider Electric CVE-2022-22807 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...) NOT-FOR-US: Schneider Electric @@ -140322,7 +140355,8 @@ CVE-2021-20224 (An integer overflow issue was discovered in ImageMagick's Export NOTE: https://github.com/ImageMagick/ImageMagick/pull/3083 NOTE: https://github.com/ImageMagick/ImageMagick/commit/5af1dffa4b6ab984b5f13d1e91c95760d75f12a6 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/553054c1cb1e4e05ec86237afef76a32cd7c464d -CVE-2021-20223 (An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize. ...) +CVE-2021-20223 + REJECTED {DLA-3107-1} - sqlite3 3.34.0-1 NOTE: https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b (version-3.34.0) @@ -152023,8 +152057,8 @@ CVE-2021-0187 RESERVED CVE-2021-0186 (Improper input validation in the Intel(R) SGX SDK applications compile ...) NOT-FOR-US: Intel -CVE-2021-0185 - RESERVED +CVE-2021-0185 (Improper input validation in the firmware for some Intel(R) Server Boa ...) + TODO: check CVE-2021-0184 RESERVED CVE-2021-0183 (Improper Validation of Specified Index, Position, or Offset in Input i ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66c61060252ae083065b73a0a43a86b02ff6fa05 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66c61060252ae083065b73a0a43a86b02ff6fa05 You're receiving this email because of your account on salsa.debian.org.
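Review bot: the TODO: check on CVE-2022-3703 in hunk @@ -6187,8 +6217,8 @@ can be closed as NOT-FOR-US: ETIC Telecom, since the description names ETIC Telecom Remote Access Server (RAS), a vendor appliance rather than anything packaged in Debian; CVE-2022-41607 and CVE-2022-40981 further down in this same diff carry the identical description and should be triaged in the same edit so the three entries do not drift apart.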
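Review bot: CVE-2022-43679 in hunk @@ -6406,8 +6436,8 @@ concerns a misconfiguration in the ownCloud Server Docker image, not code Debian ships, so the TODO: check should resolve to NOT-FOR-US: ownCloud (Docker image); the neighbouring libexpat entry above it is untouched and its fix references for R_2_5_0 stay valid.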
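Review bot: CVE-2022-43074 in hunk @@ -8012,8 +8042,8 @@ names AyaCMS, which is not a Debian package, so the TODO: check should become NOT-FOR-US: AyaCMS, matching the NOT-FOR-US: Web-Based Student Clearance System line on CVE-2022-43076 in the context just above it.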
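Review bot: CVE-2022-41892 in hunk @@ -11064,8 +11094,8 @@ is an Arches (geo data platform) advisory and not something Debian packages, so the TODO: check can be closed as NOT-FOR-US: Arches.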
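Review bot: in hunk @@ -11090,20 +11120,20 @@ the two Parse Server entries (CVE-2022-41879, CVE-2022-41878) should follow CVE-2022-39396, which is already marked NOT-FOR-US: Node parse-server in the context of hunk @@ -17128 in this same diff, rather than sit at TODO: check; CVE-2022-41876 (ezplatform-graphql for Ibexa DXP) and CVE-2022-41873 (Contiki-NG) likewise do not appear to be packaged, so confirm with a package search and mark them NOT-FOR-US in the same pass, keeping the CVE-2022-41874 NOT-FOR-US: Tauri line as the model.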
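Review bot: CVE-2022-41607 and CVE-2022-40981 in hunk @@ -11362,14 +11392,14 @@ repeat the CVE-2022-3703 description word for word (ETIC Telecom RAS 4.5.0 and prior), so all three are one vendor advisory split over several IDs; close them together as NOT-FOR-US: ETIC Telecom, in the style of the NOT-FOR-US: DIAEnergie lines surrounding them, and consider a NOTE on one entry pointing at the other two so the next person does not re-triage each separately.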
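Review bot: the description of CVE-2022-41719 in hunk @@ -11538,8 +11568,8 @@ ("Unmarshal can panic on some inputs, possibly allowing for denial of se ...") is Go vulnerability database wording and does not name the affected module, so the TODO: check needs the full CVE record before it can be assigned; if it turns out to be a library Debian ships as a golang-* source package, remember that every Go binary built against it embeds a static copy, so a fixed-version line on the library package alone does not cover the binary packages that were built with the vulnerable version.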
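Review bot: the four new TODO: check entries in hunk @@ -17128,20 +17158,20 @@ (CVE-2022-39394, CVE-2022-39393 and CVE-2022-39392 for Wasmtime, CVE-2022-39388 for Istio) are products that do not appear to be packaged in Debian, so after a package search they should become NOT-FOR-US: Wasmtime and NOT-FOR-US: Istio; CVE-2022-39395 (Vela) two lines above still carries TODO: check from an earlier run and can be cleared in the same pass.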
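Review bot: in hunk @@ -20993,17 +21023,20 @@ the three binutils entries (CVE-2022-38128, CVE-2022-38127, CVE-2022-38126) switch to REJECTED but keep their "- binutils ... (unimportant)" lines and sourceware NOTEs, whereas every other rejection in this diff (CVE-2022-40225, CVE-2022-28748, CVE-2022-24945) carries nothing but REJECTED; the automatic update only rewrites the description, so a manual follow-up should either strip the package lines to match that convention or keep the bugzilla and commit references as NOTEs that explain the rejection. The rejection of the IDs does not make the underlying bugs (the infinite loop in display_debug_abbrev(), the NULL dereference in read_and_display_attr_value(), the assertion failure in display_debug_names()) disappear; they remain unimportant because, as the existing NOTE says, binutils is not covered by security support.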
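Review bot: CVE-2022-36938 in hunk @@ -24157,8 +24190,8 @@ is in Redex (the DexLoader get_stringidx_fromdex() function), which Debian does not ship, so the TODO: check can be closed as NOT-FOR-US: Redex.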
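Review bot: CVE-2022-35740 in hunk @@ -27156,8 +27189,8 @@ is a dotCMS access-control bypass and dotCMS is not a Debian package, so mark it NOT-FOR-US: dotCMS, matching the NOT-FOR-US: PRTG Network Monitor line on CVE-2022-35739 directly below it.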
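Review bot: CVE-2022-26088 in hunk @@ -54836,8 +54869,8 @@ concerns BMC Remedy, a proprietary product, so the TODO: check should resolve to NOT-FOR-US: BMC Remedy, in the same style as the NOT-FOR-US: Samsung line above it.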
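Review bot: the change to CVE-2022-24945 in hunk @@ -58046,8 +58079,8 @@ is the right normalisation: the earlier run had stored the "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority" boilerplate as if it were a description and left a TODO: check behind, and this run recognises it as REJECTED; it is worth grepping the file for that boilerplate string to catch any other entries that were imported the same way and not touched by this run.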
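Review bot: the description of CVE-2022-22808 in hunk @@ -65936,7 +65969,7 @@ changes weakness class entirely, from CWE-942 (permissive cross-domain policy) to CWE-352 (cross-site request forgery); with NOT-FOR-US: Schneider Electric unchanged nothing needs doing here, but a rewrite of this kind on a CVE tracked against a Debian package would be a reason to re-check severity and fixed versions rather than let the automatic update pass silently.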
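Review bot: CVE-2021-20223 in hunk @@ -140322,7 +140355,8 @@ becomes REJECTED while keeping {DLA-3107-1}, the "- sqlite3 3.34.0-1" line and the upstream commit NOTE; the DLA reference must stay because that advisory was published under this ID, but add a NOTE stating that the ID was later rejected so readers following the DLA are not left with a dangling reference, and check whether the fts5UnicodeTokenize() fix in version-3.34.0 is now tracked under a different CVE so the buster fix does not drop out of the record.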
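Review bot: CVE-2021-0185 in hunk @@ -152023,8 +152057,8 @@ is Intel Server Board firmware, so the TODO: check should become NOT-FOR-US: Intel, exactly as CVE-2021-0186 directly above it is already marked.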
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits