Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 70c29c14 by security tracker role at 2022-12-02T20:10:35+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,51 @@ +CVE-2022-46378 + RESERVED +CVE-2022-46377 + RESERVED +CVE-2022-46376 + RESERVED +CVE-2022-46375 + RESERVED +CVE-2022-46374 + RESERVED +CVE-2022-46373 + RESERVED +CVE-2022-46372 + RESERVED +CVE-2022-46371 + RESERVED +CVE-2022-46370 + RESERVED +CVE-2022-46369 + RESERVED +CVE-2022-46368 + RESERVED +CVE-2022-46367 + RESERVED +CVE-2022-46365 + RESERVED +CVE-2022-46364 + RESERVED +CVE-2022-46363 + RESERVED +CVE-2022-4271 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...) + TODO: check +CVE-2022-4270 (Incorrect privilege assignment issue in M-Files Web in M-Files Web ver ...) + TODO: check +CVE-2022-4269 + RESERVED +CVE-2022-4268 + RESERVED +CVE-2022-4267 + RESERVED +CVE-2022-4266 + RESERVED +CVE-2022-4265 + RESERVED +CVE-2022-4264 + RESERVED +CVE-2022-4263 + RESERVED CVE-2022-XXXX [node-d3-color redos] - node-d3-color 1.2.8-5 [bullseye] - node-d3-color <no-dsa> (Minor issue) @@ -238,7 +286,7 @@ CVE-2022-4247 (A vulnerability classified as critical was found in Movie Ticket NOT-FOR-US: Movie Ticket Booking System CVE-2022-4246 (A vulnerability classified as problematic has been found in Kakao PotP ...) NOT-FOR-US: Kakao PotPlayer -CVE-2022-46366 +CVE-2022-46366 (** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserializa ...) NOT-FOR-US: Apache Tapestry CVE-2022-46361 RESERVED @@ -811,8 +859,8 @@ CVE-2022-46169 RESERVED CVE-2022-46168 RESERVED -CVE-2022-46167 - RESERVED +CVE-2022-46167 (Capsule is a multi-tenancy and policy-based framework for Kubernetes. ...) + TODO: check CVE-2022-46166 RESERVED CVE-2022-46165 
@@ -827,8 +875,8 @@ CVE-2022-46161 RESERVED CVE-2022-46160 RESERVED -CVE-2022-46159 - RESERVED +CVE-2022-46159 (Discourse is an open-source discussion platform. In version 2.8.13 and ...) + TODO: check CVE-2022-46158 RESERVED CVE-2022-46157 @@ -863,8 +911,8 @@ CVE-2022-46146 (Prometheus Exporter Toolkit is a utility package to build export NOTE: https://www.openwall.com/lists/oss-security/2022/11/29/1 NOTE: https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p NOTE: https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5 (v0.8.2) -CVE-2022-46145 - RESERVED +CVE-2022-46145 (authentik is an open-source identity provider. Versions prior to 2022. ...) + TODO: check CVE-2022-46144 RESERVED CVE-2022-46143 
@@ -2011,74 +2059,74 @@ CVE-2022-45676 RESERVED CVE-2022-45675 RESERVED -CVE-2022-45674 - RESERVED -CVE-2022-45673 - RESERVED -CVE-2022-45672 - RESERVED -CVE-2022-45671 - RESERVED -CVE-2022-45670 - RESERVED -CVE-2022-45669 - RESERVED -CVE-2022-45668 - RESERVED -CVE-2022-45667 - RESERVED +CVE-2022-45674 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery ...) + TODO: check +CVE-2022-45673 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery ...) + TODO: check +CVE-2022-45672 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + TODO: check +CVE-2022-45671 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + TODO: check +CVE-2022-45670 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + TODO: check +CVE-2022-45669 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + TODO: check +CVE-2022-45668 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery ( ...) + TODO: check +CVE-2022-45667 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery ( ...) + TODO: check CVE-2022-45666 RESERVED CVE-2022-45665 RESERVED -CVE-2022-45664 - RESERVED -CVE-2022-45663 - RESERVED +CVE-2022-45664 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + TODO: check +CVE-2022-45663 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) 
+ TODO: check CVE-2022-45662 RESERVED -CVE-2022-45661 - RESERVED -CVE-2022-45660 - RESERVED -CVE-2022-45659 - RESERVED -CVE-2022-45658 - RESERVED -CVE-2022-45657 - RESERVED -CVE-2022-45656 - RESERVED -CVE-2022-45655 - RESERVED -CVE-2022-45654 - RESERVED -CVE-2022-45653 - RESERVED -CVE-2022-45652 - RESERVED -CVE-2022-45651 - RESERVED -CVE-2022-45650 - RESERVED -CVE-2022-45649 - RESERVED -CVE-2022-45648 - RESERVED -CVE-2022-45647 - RESERVED -CVE-2022-45646 - RESERVED -CVE-2022-45645 - RESERVED -CVE-2022-45644 - RESERVED -CVE-2022-45643 - RESERVED +CVE-2022-45661 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45660 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45659 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45658 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45657 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45656 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45655 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45654 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45653 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45652 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45651 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45650 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45649 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) 
+ TODO: check +CVE-2022-45648 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45647 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45646 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45645 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45644 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check +CVE-2022-45643 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + TODO: check CVE-2022-45642 RESERVED -CVE-2022-45641 - RESERVED +CVE-2022-45641 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSe ...) + TODO: check CVE-2022-45640 (Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Cause ...) NOT-FOR-US: Tenda CVE-2022-45639 @@ -2491,14 +2539,14 @@ CVE-2022-4064 (A vulnerability was found in Dalli. It has been classified as pro NOTE: https://github.com/petergoldstein/dalli/pull/933 NOTE: Introduced after: https://github.com/petergoldstein/dalli/commit/5588d98f79eb04a9abcaeeff3263e08f93468b30 (v3.2.0) NOTE: Fixed by: https://github.com/petergoldstein/dalli/commit/48d594dae55934476fec61789e7a7c3700e0f50d (v3.2.3) -CVE-2022-45483 - RESERVED -CVE-2022-45482 - RESERVED +CVE-2022-45483 (Lazy Mouse allows an attacker (in a man in the middle position between ...) + TODO: check +CVE-2022-45482 (Lazy Mouse server enforces weak password requirements and doesn't impl ...) + TODO: check CVE-2022-45481 RESERVED -CVE-2022-45480 - RESERVED +CVE-2022-45480 (PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-m ...) + TODO: check CVE-2022-45479 RESERVED CVE-2022-45478 
@@ -3490,8 +3538,8 @@ CVE-2022-45217 RESERVED CVE-2022-45216 RESERVED -CVE-2022-45215 - RESERVED +CVE-2022-45215 (A cross-site scripting (XSS) vulnerability in Book Store Management Sy ...) + TODO: check CVE-2022-45214 (A cross-site scripting (XSS) vulnerability in Sanitization Management ...) NOT-FOR-US: Sanitization Management System CVE-2022-45213 @@ -6944,18 +6992,18 @@ CVE-2022-44369 RESERVED CVE-2022-44368 RESERVED -CVE-2022-44367 - RESERVED -CVE-2022-44366 - RESERVED -CVE-2022-44365 - RESERVED +CVE-2022-44367 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...) + TODO: check +CVE-2022-44366 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...) + TODO: check +CVE-2022-44365 (Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /gofo ...) + TODO: check CVE-2022-44364 RESERVED -CVE-2022-44363 - RESERVED -CVE-2022-44362 - RESERVED +CVE-2022-44363 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...) + TODO: check +CVE-2022-44362 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...) + TODO: check CVE-2022-44361 RESERVED CVE-2022-44360 @@ -6982,14 +7030,14 @@ CVE-2022-44350 RESERVED CVE-2022-44349 RESERVED -CVE-2022-44348 - RESERVED -CVE-2022-44347 - RESERVED +CVE-2022-44348 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-44347 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + TODO: check CVE-2022-44346 RESERVED -CVE-2022-44345 - RESERVED +CVE-2022-44345 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + TODO: check CVE-2022-44344 RESERVED CVE-2022-44343 
@@ -7124,8 +7172,8 @@ CVE-2022-44279 (Garage Management System v1.0 is vulnerable to Cross Site Script NOT-FOR-US: Garage Management System CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) NOT-FOR-US: Sanitization Management System -CVE-2022-44277 - RESERVED +CVE-2022-44277 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + TODO: check CVE-2022-44276 RESERVED CVE-2022-44275 @@ -11119,8 +11167,8 @@ CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All vers NOT-FOR-US: Siemens CVE-2022-43396 RESERVED -CVE-2022-3591 - RESERVED +CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789. ...) + TODO: check CVE-2022-3590 RESERVED CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all versions wa ...) @@ -11438,8 +11486,8 @@ CVE-2022-43274 RESERVED CVE-2022-43273 RESERVED -CVE-2022-43272 - RESERVED +CVE-2022-43272 (DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Ass ...) + TODO: check CVE-2022-43271 RESERVED CVE-2022-43270 @@ -12260,8 +12308,8 @@ CVE-2022-42964 (An exponential ReDoS (Regular Expression Denial of Service) can - pymatgen <unfixed> (bug #1024017) NOTE: https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/ NOTE: Doesn't seem to be reported upstream so far -CVE-2022-3520 - RESERVED +CVE-2022-3520 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...) + TODO: check CVE-2022-3519 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Sanitization Management System CVE-2022-3518 (A vulnerability classified as problematic has been found in SourceCode ...) 
@@ -16012,7 +16060,7 @@ CVE-2022-38099 (Improper input validation in BIOS firmware for some Intel(R) NUC NOT-FOR-US: Intel CVE-2022-3328 RESERVED - {DSA-5292-1} + {DSA-5292-1 DLA-3215-1} - snapd 2.57.6-1 NOTE: https://github.com/snapcore/snapd/commit/6226cdc57052f4b7057d92f2e549aa169e35cd2d (2.57.6) NOTE: https://github.com/snapcore/snapd/commit/21ebc51f00b8a1417888faa2e83a372fd29d0f5e (2.57.6) @@ -24940,10 +24988,10 @@ CVE-2022-38177 (By spoofing the target resolver with responses that have a malfo NOTE: https://kb.isc.org/docs/cve-2022-38177 NOTE: Fixed by (while refactoring): https://gitlab.isc.org/isc-projects/bind9/-/commit/d4eb6e0a57a7eeb42328ff66865fa66688603c17 (v9_17_20) NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/5b2282afff760b1ed3471f6666bdfe8e1d34e590 (v9_16_33) -CVE-2022-2808 - RESERVED -CVE-2022-2807 - RESERVED +CVE-2022-2808 (Algan Yazılım Prens Student Information System product has a ...) + TODO: check +CVE-2022-2807 (Algan Yazılım Prens Student Information System product has a ...) + TODO: check CVE-2022-2806 (It was found that the ovirt-log-collector/sosreport collects the RHV a ...) NOT-FOR-US: ovirt-log-collector CVE-2022-2805 (A flaw was found in ovirt-engine, which leads to the logging of plaint ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70c29c1457b3adc33424a3a19c7b646992dcdd2e
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
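Review bot: In the @@ -2011,74 +2059,74 @@ hunk, the Tenda AC6V1.0 and Tenda i22 entries that gain descriptions (CVE-2022-45674 down to CVE-2022-45641) are all left at "TODO: check", although the unchanged context entry directly below them, CVE-2022-45640, is already marked "NOT-FOR-US: Tenda". The follow-up triage can apply that same marking to the whole block in one pass, and likewise to the Tenda i21 entries (CVE-2022-44367 to CVE-2022-44362) in the @@ -6944,18 +6992,18 @@ hunk.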
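Review bot: In the @@ -7124,8 +7172,8 @@ hunk, CVE-2022-44277 is left at "TODO: check" while CVE-2022-44278 immediately above it, with the same truncated description, is already "NOT-FOR-US: Sanitization Management System". The same product is named in CVE-2022-44348, CVE-2022-44347 and CVE-2022-44345 in the @@ -6982,14 +7030,14 @@ hunk, so all four can take the existing marking rather than being checked one by one.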
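Review bot: In the @@ -11119,8 +11167,8 @@ and @@ -12260,8 +12308,8 @@ hunks, CVE-2022-3591 and CVE-2022-3520 both name the vim/vim repository, so unlike the NOT-FOR-US candidates elsewhere in this update they need package lines and a recorded fix when the "TODO: check" is resolved. The description of CVE-2022-3591 gives "prior to 9.0.0789" but the one for CVE-2022-3520 is cut off at "9.0.0 ...", so the fixing patch level has to be taken from the full CVE record and added as a "NOTE: Fixed by:" line in the style of the dalli entry shown in the context of the @@ -2491,14 +2539,14 @@ hunk.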