[Git][security-tracker-team/security-tracker][master] Add new moodle issues: CVE-2022-45149, CVE-2022-4515[0-2]

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5077e6ba by Salvatore Bonaccorso at 2022-11-23T08:08:46+01:00
Add new moodle issues: CVE-2022-45149, CVE-2022-4515[0-2]

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1968,12 +1968,16 @@ CVE-2022-45153
RESERVED
 CVE-2022-45152
RESERVED
+   - moodle 
 CVE-2022-45151
RESERVED
+   - moodle 
 CVE-2022-45150
RESERVED
+   - moodle 
 CVE-2022-45149
RESERVED
+   - moodle 
 CVE-2022-45148
RESERVED
 CVE-2022-45147
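Review bot: the four new `- moodle` lines carry no fixed version, no Debian bug number and no NOTE pointing at the upstream advisory, and all four CVEs are still RESERVED, so the entry says nothing about what the issues are or which Moodle release fixes them; adding the Moodle security advisory URL as a NOTE (and the bug number once filed) lets the triage be re-checked when the descriptions are published. The version field after `moodle` also renders as blank with a trailing space here; in the tracker's own syntax that slot holds a status token such as `<unfixed>`, which an HTML-rendering archive can swallow as if it were a tag, so confirm the committed file has the token rather than a bare package name.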



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5077e6ba278d4bb0764ae5bdad4fcc35c29a5812

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5077e6ba278d4bb0764ae5bdad4fcc35c29a5812
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Add CVE-2022-41858/linux

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f94fc6ed by Salvatore Bonaccorso at 2022-11-23T08:05:28+01:00
Add CVE-2022-41858/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13254,6 +13254,10 @@ CVE-2022-41859
RESERVED
 CVE-2022-41858
RESERVED
+   - linux 5.17.6-1
+   [bullseye] - linux 5.10.113-1
+   [buster] - linux 4.19.249-1
+   NOTE: 
https://git.kernel.org/linus/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798 (5.18-rc2)
 CVE-2022-41857
RESERVED
 CVE-2022-41856
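Review bot: the NOTE records the mainline fix at 5.18-rc2, but the fixed versions given are 5.17.6-1, 5.10.113-1 and 4.19.249-1, so the entry depends on ec4eb8a86ade having been backported into the 5.17.y, 5.10.y and 4.19.y stable series before those Debian uploads; citing the stable release that carried the backport next to the mainline commit would make the three versions auditable without re-deriving them. The CVE is still RESERVED, so the entry has no description yet and should be revisited once one is published.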



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94fc6ede5615ea8ce3b3b54629abbff77c273e3



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3203-1 for nginx

2022-11-22 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cce5b8db by Markus Koschany at 2022-11-23T00:30:31+01:00
Reserve DLA-3203-1 for nginx

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -102703,7 +102703,6 @@ CVE-2021-35475 (SAS Environment Manager 2.5 allows 
XSS through the Name field wh
 CVE-2021-3618 (ALPACA is an application layer protocol content confusion 
attack, expl ...)
- nginx 1.20.2-2 (bug #991328)
[bullseye] - nginx 1.18.0-6.1+deb11u2
-   [buster] - nginx  (Minor issue)
[stretch] - nginx  (Minor issue)
- vsftpd  (bug #991329)
[bullseye] - vsftpd  (Minor issue)
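Review bot: removing `[buster] - nginx  (Minor issue)` is the right counterpart to issuing DLA-3203-1, but this hunk leaves CVE-2021-3618 with no buster fixed version in data/CVE/list; that comes from the DLA/list entry in the same commit, and the `{DLA-3203-1}` cross-reference is filled in by the tracker's automatic update (the way `{DSA-5287-1}` appears in the automatic update elsewhere on this page), so the commit is consistent as a whole. The `[stretch] - nginx  (Minor issue)` line is untouched, which is correct only as long as stretch is out of scope for this update.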


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[23 Nov 2022] DLA-3203-1 nginx - security update
+   {CVE-2021-3618 CVE-2022-41741 CVE-2022-41742}
+   [buster] - nginx 1.14.2-2+deb10u5
 [22 Nov 2022] DLA-3202-1 libarchive - security update
{CVE-2019-19221 CVE-2021-23177 CVE-2021-31566}
[buster] - libarchive 3.3.3-4+deb10u2
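Review bot: the DLA lists three CVEs (CVE-2021-3618, CVE-2022-41741, CVE-2022-41742) but the data/CVE/list hunk in this commit only reconciles CVE-2021-3618; check that CVE-2022-41741 and CVE-2022-41742 carry no `[buster]` no-dsa or Minor-issue annotation that would now contradict a fixed buster version of 1.14.2-2+deb10u5, otherwise the buster status for those two CVEs will be reported wrongly.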


=
data/dla-needed.txt
=
@@ -170,10 +170,6 @@ netatalk
   NOTE: 20220816: Programming language: C.
   NOTE: 20220912: We get errors in the log, not present on bookworm. Needs 
more investigation. (stefanor)
 --
-nginx (Markus Koschany)
-  NOTE: 2022: Programming language: C.
-  NOTE: 2022: Upcoming DSA + follow fixes from bullseye 11.4 
(Beuc/front-desk)
---
 node-cached-path-relative
   NOTE: 2022: Programming language: JavaScript.
   NOTE: 2022: Follow fixes from bullseye 11.3 (Beuc/front-desk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cce5b8db805ffdb3d64fb059333bcdf52d6b2240



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-36227/libarchive

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c378dccd by Salvatore Bonaccorso at 2022-11-22T22:47:13+01:00
Add Debian bug reference for CVE-2022-36227/libarchive

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -28101,7 +28101,7 @@ CVE-2022-36229
 CVE-2022-36228
RESERVED
 CVE-2022-36227 (In libarchive 3.6.1, the software does not check for an error 
after ca ...)
-   - libarchive 
+   - libarchive  (bug #1024669)
[bullseye] - libarchive  (Minor issue)
NOTE: https://github.com/libarchive/libarchive/issues/1754
NOTE: https://github.com/libarchive/libarchive/pull/1759
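Review bot: with the bug reference in place, the `- libarchive  (bug #1024669)` line still has no fixed version for unstable; the NOTEs point at the upstream issue and pull request, so the version should be filled in as soon as the upload that carries that PR (or a cherry-pick of it) reaches unstable, otherwise the bug number alone gives the impression the issue is merely known rather than pending a fix.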



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c378dccd0716b44ea0994e2bbc0e58616d7ec5d4



[Git][security-tracker-team/security-tracker][master] Mark CVE-2022-36227/libarchive as no-dsa for bullseye

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3b511020 by Salvatore Bonaccorso at 2022-11-22T22:41:16+01:00
Mark CVE-2022-36227/libarchive as no-dsa for bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -28102,6 +28102,7 @@ CVE-2022-36228
RESERVED
 CVE-2022-36227 (In libarchive 3.6.1, the software does not check for an error 
after ca ...)
- libarchive 
+   [bullseye] - libarchive  (Minor issue)
NOTE: https://github.com/libarchive/libarchive/issues/1754
NOTE: https://github.com/libarchive/libarchive/pull/1759
NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/bff38efe8c110469c5080d387bec62a6ca15b1a5
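Review bot: marking bullseye `(Minor issue)` asserts that bullseye's libarchive is affected but not worth a DSA; the description says the flaw is in libarchive 3.6.1, while bullseye ships 3.4.3 (the DLA-3202-1 commit on this page lists `[bullseye] - libarchive 3.4.3-2+deb11u1`), so check the `Fixed by` commit bff38efe against 3.4.3 first. If the unchecked call was introduced after 3.4.3, the right annotation is a not-affected one with "Vulnerable code not present", as used for CVE-2022-3910/linux elsewhere on this page, rather than a no-dsa one.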



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b5110200b6228fdda6ef4fe860539d9cc0d0246



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b853d3b0 by Salvatore Bonaccorso at 2022-11-22T22:28:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13058,7 +13058,7 @@ CVE-2022-41952 (Synapse before 1.52.0 with URL preview 
functionality enabled wil
 CVE-2022-41951
RESERVED
 CVE-2022-41950 (super-xray is the GUI alternative for vulnerability scanning 
tool xray ...)
-   TODO: check
+   NOT-FOR-US: super-xray
 CVE-2022-41949
RESERVED
 CVE-2022-41948
@@ -13068,13 +13068,13 @@ CVE-2022-41947
 CVE-2022-41946
RESERVED
 CVE-2022-41945 (super-xray is a vulnerability scanner (xray) GUI launcher. In 
version  ...)
-   TODO: check
+   NOT-FOR-US: super-xray
 CVE-2022-41944
RESERVED
 CVE-2022-41943 (sourcegraph is a code intelligence platform. As a site admin 
it was po ...)
-   TODO: check
+   NOT-FOR-US: Sourcegraph
 CVE-2022-41942 (Sourcegraph is a code intelligence platform. In versions prior 
to 4.1. ...)
-   TODO: check
+   NOT-FOR-US: Sourcegraph
 CVE-2022-41941
RESERVED
 CVE-2022-41940 (Engine.IO is the implementation of transport-based 
cross-browser/cross ...)
@@ -20174,15 +20174,15 @@ CVE-2022-39072
 CVE-2022-39071
RESERVED
 CVE-2022-39070 (There is an access control vulnerability in some ZTE PON OLT 
products. ...)
-   TODO: check
+   NOT-FOR-US: ZTE
 CVE-2022-39069 (There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to 
lack of ...)
NOT-FOR-US: ZTE
 CVE-2022-39068
RESERVED
 CVE-2022-39067 (There is a buffer overflow vulnerability in ZTE MF286R. Due to 
lack of ...)
-   TODO: check
+   NOT-FOR-US: ZTE
 CVE-2022-39066 (There is a SQL injection vulnerability in ZTE MF286R. Due to 
insuffici ...)
-   TODO: check
+   NOT-FOR-US: ZTE
 CVE-2022-39065 (A single malformed IEEE 802.15.4 (Zigbee) frame makes the 
TRÅDFRI ...)
NOT-FOR-US: Ikea
 CVE-2022-39064 (An attacker sending a single malformed IEEE 802.15.4 (Zigbee) 
frame ma ...)
@@ -22056,7 +22056,7 @@ CVE-2022-38464
 CVE-2022-38463 (ServiceNow through San Diego Patch 4b and Patch 6 allows 
reflected XSS ...)
NOT-FOR-US: ServiceNow
 CVE-2022-38462 (Silverstripe silverstripe/framework through 4.11 is vulnerable 
to XSS  ...)
-   TODO: check
+   NOT-FOR-US: SilverStripe CMS
 CVE-2022-38450 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 
20.005.30 ...)
NOT-FOR-US: Adobe
 CVE-2022-38449 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 
20.005.30 ...)
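Review bot: `NOT-FOR-US: SilverStripe CMS` is only correct if no Debian source package vendors silverstripe/framework (the description names the Composer package, not the CMS distribution); a search of the archive for an embedded copy is the check that justifies the NFU, and the same label is reused for CVE-2022-38148 and CVE-2022-38146 in the next hunk, so a single wrong call would be replicated three times.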
@@ -23140,11 +23140,11 @@ CVE-2022-38151
 CVE-2022-38149 (HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may 
expose  ...)
NOT-FOR-US: Consul Template
 CVE-2022-38148 (Silverstripe silverstripe/framework through 4.11 allows SQL 
Injection. ...)
-   TODO: check
+   NOT-FOR-US: SilverStripe CMS
 CVE-2022-38147
RESERVED
 CVE-2022-38146 (Silverstripe silverstripe/framework through 4.11 allows XSS 
(issue 2 o ...)
-   TODO: check
+   NOT-FOR-US: SilverStripe CMS
 CVE-2022-38145
RESERVED
 CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key 
could be wr ...)
@@ -30240,7 +30240,7 @@ CVE-2022-35409 (An issue was discovered in Mbed TLS 
before 2.28.1 and 3.x before
 CVE-2022-35408 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
NOT-FOR-US: Insyde
 CVE-2022-35407 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
-   TODO: check
+   NOT-FOR-US: Insyde
 CVE-2022-35406 (A URL disclosure issue was discovered in Burp Suite before 
2022.6. If  ...)
- burpsuite  (bug #832943)
 CVE-2022-35405 (Zoho ManageEngine Password Manager Pro before 12101 and PAM360 
before  ...)
@@ -36615,7 +36615,7 @@ CVE-2022-33014
 CVE-2022-33013
RESERVED
 CVE-2022-33012 (Microweber v1.2.15 was discovered to allow attackers to 
perform an acc ...)
-   TODO: check
+   NOT-FOR-US: microweber
 CVE-2022-33011 (Known v1.3.1+2020120201 was discovered to allow attackers to 
perform a ...)
NOT-FOR-US: Known
 CVE-2022-33010
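Review bot: the label `NOT-FOR-US: microweber` is lower-case while the description and the neighbouring `NOT-FOR-US: Known` entry use the product's own capitalisation ("Microweber"); keeping one spelling per product makes later grep-based audits of NFU entries reliable, so "Microweber" would be the better choice here.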
@@ -44769,9 +44769,9 @@ CVE-2022-1585 (The Project Source Code Download 
WordPress plugin through 1.0.0 d
 CVE-2022-30259
RESERVED
 CVE-2022-30258 (An issue was discovered in Technitium DNS Server through 8.0.2 
that al ...)
-   TODO: check
+   NOT-FOR-US: Technitium DNS Server
 CVE-2022-30257 (An issue was discovered in Technitium DNS Server through 8.0.2 
that al ...)
-   TODO: check
+   NOT-FOR-US: Technitium DNS Server
 CVE-2022-30256 (An issue was discovered in MaraDNS Deadwood through 3.5.0021 
that allo ...)
- maradns 
NOTE: https://maradns.samiam.org/security.html#CVE-2022-30256
@@ -52878,7 +52878,7 @@ CVE-2022-1040 (An authentication bypass vulnerabili

[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3910/linux

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6432744c by Salvatore Bonaccorso at 2022-11-22T21:45:25+01:00
Add CVE-2022-3910/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2235,7 +2235,10 @@ CVE-2022-3912
 CVE-2022-3911
RESERVED
 CVE-2022-3910 (Use After Free vulnerability in Linux Kernel allows Privilege 
Escalati ...)
-   TODO: check
+   - linux 5.19.11-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/fc7222c3a9f56271fba02aabbfbae999042f1679 (6.0-rc6)
 CVE-2022-3909
RESERVED
 CVE-2022-45063 (xterm before 375 allows code execution via font ops, e.g., 
because an  ...)
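Review bot: `(Vulnerable code not present)` for bullseye and buster is a not-affected claim that a reader cannot verify from the NOTE, which only names the fix commit at 6.0-rc6; adding the commit that introduced the use-after-free (or the first release that shipped it) would make the 5.10/4.19 exclusion checkable. Note also that the unstable fixed version 5.19.11-1 predates 6.0-rc6, so the entry relies on a 5.19.y stable backport of fc7222c3a9f5, which is worth recording alongside the mainline reference.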



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6432744c5887c43a7af7101da598803f59b69906



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-41952/matrix-synapse

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c897b5e5 by Salvatore Bonaccorso at 2022-11-22T21:34:25+01:00
Add CVE-2022-41952/matrix-synapse

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13047,7 +13047,11 @@ CVE-2022-41954
 CVE-2022-41953
RESERVED
 CVE-2022-41952 (Synapse before 1.52.0 with URL preview functionality enabled 
will atte ...)
-   TODO: check
+   - matrix-synapse 1.53.0-1
+   NOTE: 
https://github.com/matrix-org/synapse/security/advisories/GHSA-4822-jvwx-w47h
+   NOTE: https://github.com/matrix-org/synapse/pull/11784
+   NOTE: https://github.com/matrix-org/synapse/pull/11936
+   NOTE: First bugfix in 1.52.0 but 1.53.0 does fully fix the issue.
 CVE-2022-41951
RESERVED
 CVE-2022-41950 (super-xray is the GUI alternative for vulnerability scanning 
tool xray ...)
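Review bot: the CVE text says "Synapse before 1.52.0" while the fixed version recorded is 1.53.0-1; the last NOTE explains the stricter choice, which is good, but the entry gives no `[bullseye]` or `[buster]` status, so those suites will be judged purely by comparing their version against 1.53.0-1. If either ships an affected matrix-synapse, a no-dsa or fixed annotation belongs here too. Minor wording: "First bugfix in 1.52.0 but 1.53.0 does fully fix the issue" reads more clearly as "First fix in 1.52.0; fully fixed in 1.53.0".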



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c897b5e5aa9cf03002628ea9e8d12ba95feca39c



[Git][security-tracker-team/security-tracker][master] Track two CVEs for backdrop, itp'ed

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
80952d92 by Salvatore Bonaccorso at 2022-11-22T21:29:54+01:00
Track two CVEs for backdrop, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12732,13 +12732,13 @@ CVE-2022-42099
 CVE-2022-42098 (KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL 
Injection  ...)
NOT-FOR-US: KLiK SocialMediaWebsite
 CVE-2022-42097 (Backdrop CMS version 1.23.0 was discovered to contain a stored 
cross-s ...)
-   TODO: check
+   - backdrop  (bug #914257)
 CVE-2022-42096 (Backdrop CMS version 1.23.0 was discovered to contain a stored 
cross-s ...)
- backdrop  (bug #914257)
 CVE-2022-42095
RESERVED
 CVE-2022-42094 (Backdrop CMS version 1.23.0 was discovered to contain a stored 
cross-s ...)
-   TODO: check
+   - backdrop  (bug #914257)
 CVE-2022-42093
RESERVED
 CVE-2022-42092 (Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability 
via 'th ...)
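Review bot: both entries reuse bug #914257, the ITP bug for backdrop, rather than a per-CVE bug; that is the tracker's way of recording issues in a package that is not yet in the archive (the commit message says "itp'ed"), but the version field after `backdrop` renders blank here, so confirm the committed lines carry the `<itp>` status token, as the existing CVE-2022-42096 line in the same hunk should. CVE-2022-42092 at the bottom of the hunk is another Backdrop CVE and is untouched; check whether it still sits on `TODO: check`.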



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80952d92d7d5914544a1e6aef362040fd5decbc5



[Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-24590: Associate with backdrop, itp'ed

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
50888da3 by Salvatore Bonaccorso at 2022-11-22T21:28:58+01:00
Update information for CVE-2022-24590: Associate with backdrop, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -61509,7 +61509,7 @@ CVE-2022-24592
 CVE-2022-24591
RESERVED
 CVE-2022-24590 (A stored cross-site scripting (XSS) vulnerability in the Add 
Link func ...)
-   NOT-FOR-US: BackdropCMS
+   - backdrop  (bug #914257)
 CVE-2022-24589 (Burden v3.0 was discovered to contain a stored cross-site 
scripting (X ...)
NOT-FOR-US: Burden
 CVE-2022-24588 (Flatpress v1.2.1 was discovered to contain a cross-site 
scripting (XSS ...)
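Review bot: this flips a previously final `NOT-FOR-US: BackdropCMS` verdict to a tracked entry because the package is now ITP'ed; the same reasoning applies to every other Backdrop CVE that was closed as NFU before the ITP, so a grep of data/CVE/list for `BackdropCMS` and `Backdrop CMS` is needed to bring them in line, otherwise the tracker will show the package as affected by only some of its known issues.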



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50888da3c1ebe923f8e529af72b60dc9bbfbada3



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8e24fb18 by Salvatore Bonaccorso at 2022-11-22T21:28:06+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -33,7 +33,7 @@ CVE-2022-4118
 CVE-2022-4117
RESERVED
 CVE-2022-4116 (A vulnerability was found in quarkus. This security flaw 
happens in De ...)
-   TODO: check
+   NOT-FOR-US: Quarkus
 CVE-2022-4115
RESERVED
 CVE-2022- [rust-atty: Potential unaligned read]
@@ -1456,7 +1456,7 @@ CVE-2022-45365
 CVE-2022-45364
RESERVED
 CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in 
Muffingroup B ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-45362
RESERVED
 CVE-2022-45361
@@ -2867,21 +2867,21 @@ CVE-2022-44810
 CVE-2022-44809
RESERVED
 CVE-2022-44808 (A command injection vulnerability has been found on D-Link 
DIR-823G de ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2022-44807 (D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer 
Overflow vi ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2022-44806 (D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer 
Overflow. ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2022-44805
RESERVED
 CVE-2022-44804 (D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer 
Overflow via ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2022-44803
RESERVED
 CVE-2022-44802
RESERVED
 CVE-2022-44801 (D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access 
Control. ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2022-44800
RESERVED
 CVE-2022-44799
@@ -5503,43 +5503,43 @@ CVE-2022-44204 (D-Link DIR3060 DIR3060A1_FW111B04.bin 
is vulnerable to Buffer Ov
 CVE-2022-44203
RESERVED
 CVE-2022-44202 (D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer 
Overflow. ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2022-44201 (D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2022-44200 (Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer 
Overflow vi ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2022-44199 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via 
paramete ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2022-44198 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via 
paramete ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2022-44197 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via 
parameter ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2022-44196 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via 
parameter ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2022-44195
RESERVED
 CVE-2022-44194 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via 
parameter ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2022-44193 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in 
/usr/sbin ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2022-44192
RESERVED
 CVE-2022-44191 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via 
paramete ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2022-44190 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via 
paramete ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2022-44189
RESERVED
 CVE-2022-44188 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in 
/usr/sbin/ ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2022-44187 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via 
wan_dns1_ ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2022-44186 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in 
/usr/sbin ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2022-44185
RESERVED
 CVE-2022-44184 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in 
/usr/sbin/ ...)
-   TODO: check
+   NOT-FOR-US: Netgear
 CVE-2022-44183 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via 
function  ...)
NOT-FOR-US: Tenda
 CVE-2022-44182
@@ -9807,7 +9807,7 @@ CVE-2022-43214 (Billing System Project v1.0 was 
discovered to contain a SQL inje
 CVE-2022-43213
RESERVED
 CVE-2022-43212 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
-   TODO: check
+   NOT-FOR-US: Billing System Project
 CVE-2022-43211
RESERVED
 CVE-2022-43210
@@ -10280,7 +10280,7 @@ CVE-2022-42991 (A stored cross-site scripting (XSS) 
vulnerability in Simple Onli
 CVE-2022-42990 (Food Ordering Management System v1.0 was discovered to contain 
a SQL i ...)
NOT-FOR-US: Food Ordering Management System
 CVE-2022-42989 (ERP Sankhya before v4.11b81 was discovered to contain a 

[Git][security-tracker-team/security-tracker][master] Process two NFUs

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eb8083b2 by Salvatore Bonaccorso at 2022-11-22T21:19:10+01:00
Process two NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3037,7 +3037,7 @@ CVE-2022-44739
 CVE-2022-44738
RESERVED
 CVE-2022-44737 (Multiple Cross-Site Request Forgery vulnerabilities in 
All-In-One Secu ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Cham ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-44735
@@ -17344,7 +17344,7 @@ CVE-2022-40230 ("IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 
CD, and LTS 9.3 does not
 CVE-2022-40229
RESERVED
 CVE-2022-40228 (IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 
through 10.0 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-40227 (A vulnerability has been identified in SIMATIC HMI Comfort 
Panels (inc ...)
NOT-FOR-US: Siemens
 CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All 
versions < V ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb8083b2bda17692452143ce239b40488261e8d3



[Git][security-tracker-team/security-tracker][master] automatic update

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d0430c6 by security tracker role at 2022-11-22T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,41 @@
+CVE-2022-45797
+   RESERVED
+CVE-2022-45796
+   RESERVED
+CVE-2022-45795
+   RESERVED
+CVE-2022-45794
+   RESERVED
+CVE-2022-45793
+   RESERVED
+CVE-2022-45792
+   RESERVED
+CVE-2022-45791
+   RESERVED
+CVE-2022-45790
+   RESERVED
+CVE-2022-45789
+   RESERVED
+CVE-2022-45788
+   RESERVED
+CVE-2022-45787
+   RESERVED
+CVE-2022-45786
+   RESERVED
+CVE-2022-4121
+   RESERVED
+CVE-2022-4120
+   RESERVED
+CVE-2022-4119
+   RESERVED
+CVE-2022-4118
+   RESERVED
+CVE-2022-4117
+   RESERVED
+CVE-2022-4116 (A vulnerability was found in quarkus. This security flaw 
happens in De ...)
+   TODO: check
+CVE-2022-4115
+   RESERVED
 CVE-2022- [rust-atty: Potential unaligned read]
- rust-atty  (Windows-specific)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0145.html
@@ -1417,8 +1455,8 @@ CVE-2022-45365
RESERVED
 CVE-2022-45364
RESERVED
-CVE-2022-45363
-   RESERVED
+CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in 
Muffingroup B ...)
+   TODO: check
 CVE-2022-45362
RESERVED
 CVE-2022-45361
@@ -2196,8 +2234,8 @@ CVE-2022-3912
RESERVED
 CVE-2022-3911
RESERVED
-CVE-2022-3910
-   RESERVED
+CVE-2022-3910 (Use After Free vulnerability in Linux Kernel allows Privilege 
Escalati ...)
+   TODO: check
 CVE-2022-3909
RESERVED
 CVE-2022-45063 (xterm before 375 allows code execution via font ops, e.g., 
because an  ...)
@@ -2828,22 +2866,22 @@ CVE-2022-44810
RESERVED
 CVE-2022-44809
RESERVED
-CVE-2022-44808
-   RESERVED
-CVE-2022-44807
-   RESERVED
-CVE-2022-44806
-   RESERVED
+CVE-2022-44808 (A command injection vulnerability has been found on D-Link 
DIR-823G de ...)
+   TODO: check
+CVE-2022-44807 (D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer 
Overflow vi ...)
+   TODO: check
+CVE-2022-44806 (D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer 
Overflow. ...)
+   TODO: check
 CVE-2022-44805
RESERVED
-CVE-2022-44804
-   RESERVED
+CVE-2022-44804 (D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer 
Overflow via ...)
+   TODO: check
 CVE-2022-44803
RESERVED
 CVE-2022-44802
RESERVED
-CVE-2022-44801
-   RESERVED
+CVE-2022-44801 (D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access 
Control. ...)
+   TODO: check
 CVE-2022-44800
RESERVED
 CVE-2022-44799
@@ -2998,8 +3036,8 @@ CVE-2022-44739
RESERVED
 CVE-2022-44738
RESERVED
-CVE-2022-44737
-   RESERVED
+CVE-2022-44737 (Multiple Cross-Site Request Forgery vulnerabilities in 
All-In-One Secu ...)
+   TODO: check
 CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Cham ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-44735
@@ -4280,6 +4318,7 @@ CVE-2022-44641 (In Linaro Automated Validation 
Architecture (LAVA) before 2022.1
NOTE: 
https://git.lavasoftware.org/lava/lava/-/commit/1bee0f8957741582c2bed800974f31439c6f3ff5
 (2022.11)
 CVE-2022-44640 [Invalid free in ASN.1 codec]
RESERVED
+   {DSA-5287-1}
- heimdal  (bug #1024187)
NOTE: 
https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4
NOTE: 
https://github.com/heimdal/heimdal/commit/ea5ec8f174920cb80ce2b168b49195378420449e
 (heimdal-7.7.1)
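Review bot: `{DSA-5287-1}` is the cross-reference generated from the data/DSA/list entry added in commit e150f200, also on this page; the entry still reads `- heimdal  (bug #1024187)` with no unstable fixed version, so the DSA closes bullseye while unstable stays open until the upload containing the heimdal-7.7.1 fix commit named in the NOTE lands, and the blank version slot should be checked for a stripped `<unfixed>` token.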
@@ -4587,7 +4626,7 @@ CVE-2022-44579
RESERVED
 CVE-2022-44578
RESERVED
-CVE-2022-44577 (Auth. CSV Injection vulnerability in Export Users With Meta 
plugin < ...)
+CVE-2022-44577 (This CVE ID has been rejected or withdrawn by its CVE 
Numbering Author ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-44576 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Agen ...)
NOT-FOR-US: WordPress plugin
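Review bot: the automatic sync rewrote the CVE-2022-44577 description to "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority" but left the earlier `NOT-FOR-US: WordPress plugin` triage line, which now no longer matches its own description and loses the product name ("Export Users With Meta plugin") that the old text carried; a human pass should decide whether the entry is better annotated as rejected, keeping the former product in a NOTE so the history stays traceable.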
@@ -5463,44 +5502,44 @@ CVE-2022-44204 (D-Link DIR3060 DIR3060A1_FW111B04.bin 
is vulnerable to Buffer Ov
NOT-FOR-US: D-Link
 CVE-2022-44203
RESERVED
-CVE-2022-44202
-   RESERVED
-CVE-2022-44201
-   RESERVED
-CVE-2022-44200
-   RESERVED
-CVE-2022-44199
-   RESERVED
-CVE-2022-44198
-   RESERVED
-CVE-2022-44197
-   RESERVED
-CVE-2022-44196
-   RESERVED
+CVE-2022-44202 (D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer 
Overflow. ...)
+   TODO: check
+CVE-2022-44201 (D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. ...)
+   TODO: check
+CVE-2022-44200 (Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer 
Overflow vi ...)
+   TODO: check
+CVE-2022-44199 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via 
paramete ...)
+ 

[Git][security-tracker-team/security-tracker][master] Reserve DSA number for heimdal update

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e150f200 by Salvatore Bonaccorso at 2022-11-22T20:37:52+01:00
Reserve DSA number for heimdal update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -97189,7 +97189,6 @@ CVE-2021-37715 (A remote cross-site scripting (XSS) 
vulnerability was discovered
NOT-FOR-US: Aruba
 CVE-2021-3671 (A null pointer de-reference was found in the way samba kerberos 
server ...)
- heimdal 7.7.0+dfsg-3 (bug #996586)
-   [bullseye] - heimdal  (Minor issue)
[buster] - heimdal  (Minor issue)
[stretch] - heimdal  (Minor issue)
- samba 2:4.13.13+dfsg-1
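Review bot: only CVE-2021-3671's `[bullseye] - heimdal  (Minor issue)` line is removed, while DSA-5287-1 covers six CVEs; the other five need the same treatment if any of them carried a bullseye no-dsa or Minor-issue annotation (CVE-2022-44640, visible in the automatic update on this page, has none). The entry keeps its `[buster]` and `[stretch]` Minor-issue lines, so a separate DLA decision for buster remains open.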


=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[22 Nov 2022] DSA-5287-1 heimdal - security update
+   {CVE-2021-3671 CVE-2021-44758 CVE-2022-3437 CVE-2022-41916 
CVE-2022-42898 CVE-2022-44640}
+   [bullseye] - heimdal 7.7.0+dfsg-2+deb11u2
 [19 Nov 2022] DSA-5286-1 krb5 - security update
{CVE-2022-42898}
[bullseye] - krb5 1.18.3-6+deb11u3
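Review bot: CVE-2022-42898 appears both in DSA-5286-1 (krb5) and in this DSA for heimdal; one ID covering both Kerberos implementations is consistent, but it means the CVE-2022-42898 entry in data/CVE/list must list both source packages with their own fixed versions, and both `{DSA-...}` references should end up on it after the automatic update, which is worth confirming.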


=
data/dsa-needed.txt
=
@@ -18,8 +18,6 @@ frr
 --
 gerbv
 --
-heimdal (carnil)
---
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v5.10.y versions



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e150f200e4557c27f9b07d182870cbbed153fb3b



[Git][security-tracker-team/security-tracker][master] Reserve DLA-3202-1 for libarchive

2022-11-22 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65152569 by Sylvain Beucler at 2022-11-22T15:39:06+01:00
Reserve DLA-3202-1 for libarchive

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -73415,7 +73415,6 @@ CVE-2021-31566 (An improper link resolution flaw can 
occur while extracting an a
{DLA-2987-1}
- libarchive 3.5.2-1 (bug #1001990)
[bullseye] - libarchive 3.4.3-2+deb11u1
-   [buster] - libarchive  (Minor issue)
NOTE: https://github.com/libarchive/libarchive/issues/1566
NOTE: 
https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043
 (v3.5.2)
NOTE: 
https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b
 (v3.5.2)
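Review bot: the existing `{DLA-2987-1}` cross-reference line on CVE-2021-31566 is left as is while the `[buster]` line is dropped for DLA-3202-1; the same holds for the CVE-2021-23177 and CVE-2019-19221 hunks below. If the braces are meant to list every advisory that covers the issue, extend them to `{DLA-2987-1 DLA-3202-1}` in all three entries; if only the first advisory is recorded there by convention, the hunks are fine as they stand.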
@@ -73423,7 +73422,6 @@ CVE-2021-23177 (An improper link resolution flaw while 
extracting an archive can
{DLA-2987-1}
- libarchive 3.5.2-1 (bug #1001986)
[bullseye] - libarchive 3.4.3-2+deb11u1
-   [buster] - libarchive  (Minor issue)
NOTE: https://github.com/libarchive/libarchive/issues/1565
NOTE: 
https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad
 (v3.5.2)
 CVE-2022-21943
@@ -221421,7 +221419,6 @@ CVE-2019-19222 (A Stored XSS issue in the D-Link 
DSL-2680 web administration int
 CVE-2019-19221 (In Libarchive 3.4.0, archive_wstring_append_from_mbs in 
archive_string ...)
{DLA-2987-1}
- libarchive 3.4.2-1 (bug #945287)
-   [buster] - libarchive  (Minor issue)
[jessie] - libarchive  (Minor issue)
NOTE: 
https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41
NOTE: https://github.com/libarchive/libarchive/issues/1276


=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[22 Nov 2022] DLA-3202-1 libarchive - security update
+   {CVE-2019-19221 CVE-2021-23177 CVE-2021-31566}
+   [buster] - libarchive 3.3.3-4+deb10u2
 [22 Nov 2022] DLA-3201-1 ntfs-3g - security update
{CVE-2022-40284}
[buster] - ntfs-3g 1:2017.3.23AR.3-3+deb10u3


=
data/dla-needed.txt
=
@@ -122,10 +122,6 @@ krb5 (Chris Lamb)
 libapreq2
   NOTE: 20221031: Programming language: C.
 --
-libarchive (Sylvain Beucler)
-  NOTE: 2022: Programming language: C.
-  NOTE: 2022: Sync with jessie/stretch/bullseye-11.3 (Beuc/front-desk)
---
 libcommons-jxpath-java
   NOTE: 20221027: Programming language: Java.
   NOTE: 20221027: Maintainer notes: Wait for the outcome of upstream 
discussion. See CVE-2022-41852 for pull requests.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65152569c75cc7c40720ec04d273bee705fcc9d5



[Git][security-tracker-team/security-tracker][master] rust-atty n/a

2022-11-22 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b7e5ca61 by Moritz Muehlenhoff at 2022-11-22T15:19:52+01:00
rust-atty n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,6 @@
+CVE-2022- [rust-atty: Potential unaligned read]
+   - rust-atty  (Windows-specific)
+   NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0145.html
 CVE-2022-45785
RESERVED
 CVE-2022-45784
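Review bot: the new package line `- rust-atty  (Windows-specific)` shows no status keyword between the package name and the parenthesised reason, and the ID field reads `CVE-2022- ` with no number or placeholder suffix. The commit title "n/a" implies a not-affected marking, so confirm the status keyword is present in the committed file (the mail rendering may have dropped it), since the tracker needs it to classify the entry, and check the ID line against the form the list uses for not-yet-assigned IDs.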



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7e5ca614cce8e52f751ecc68e504e63bcfe9148



[Git][security-tracker-team/security-tracker][master] CVE-2022-37026,erlang: Link to Debian bug

2022-11-22 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
78a35fe5 by Markus Koschany at 2022-11-22T14:41:02+01:00
CVE-2022-37026,erlang: Link to Debian bug

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -25928,7 +25928,7 @@ CVE-2022-37028 (ISAMS 22.2.3.2 is prone to stored 
Cross-site Scripting (XSS) att
 CVE-2022-37027 (Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to 
inject a ...)
NOT-FOR-US: Ahsay AhsayCBS
 CVE-2022-37026 (In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x 
before  ...)
-   - erlang 1:24.3.4.5+dfsg-1
+   - erlang 1:24.3.4.5+dfsg-1 (bug #1024632)
[bullseye] - erlang  (Minor issue)
[buster] - erlang  (Minor issue)
NOTE: https://erlangforums.com/t/otp-25-1-released/1854



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78a35fe50d43b4a1540be25ce57f5966b369c30d



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-36227/libarchive

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e12857e6 by Salvatore Bonaccorso at 2022-11-22T11:14:23+01:00
Add CVE-2022-36227/libarchive

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -28055,7 +28055,10 @@ CVE-2022-36229
 CVE-2022-36228
RESERVED
 CVE-2022-36227 (In libarchive 3.6.1, the software does not check for an error 
after ca ...)
-   TODO: check
+   - libarchive 
+   NOTE: https://github.com/libarchive/libarchive/issues/1754
+   NOTE: https://github.com/libarchive/libarchive/pull/1759
+   NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/bff38efe8c110469c5080d387bec62a6ca15b1a5
 CVE-2022-36226 (SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability 
via /Si ...)
NOT-FOR-US: SiteServerCMS
 CVE-2022-36225 (EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request 
Forgery (C ...)
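Review bot: the `NOTE: Fixed by:` line for CVE-2022-36227 records the upstream commit but not the release that carries it, whereas the libarchive entries touched by the DLA-3202-1 commit above append the release after the commit URL, e.g. `(v3.5.2)`. Append the fixing release once known so the unfixed marking can be resolved against a package version, and confirm that the package line `- libarchive ` carries its status keyword in the file, since nothing follows the package name as rendered here.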



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e12857e62bcc6ff50df3e1cc80cf2c0bd75dcb99



[Git][security-tracker-team/security-tracker][master] Process NFUs

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
de1d3186 by Salvatore Bonaccorso at 2022-11-22T10:48:55+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13035,9 +13035,9 @@ CVE-2022-41939 (knative.dev/func is is a client library 
and CLI enabling the dev
 CVE-2022-41938 (Flarum is an open source discussion platform. Flarum's page 
title syst ...)
NOT-FOR-US: Flarum
 CVE-2022-41937 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2022-41936 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2022-41935
RESERVED
 CVE-2022-41934
@@ -14642,7 +14642,7 @@ CVE-2022-3283 (A potential DOS vulnerability was 
discovered in GitLab CE/EE affe
 CVE-2022-3282 (The Drag and Drop Multiple File Upload WordPress plugin before 
1.3.6.5 ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-41326 (The web conferencing component of Mitel MiCollab through 
9.6.0.13 coul ...)
-   TODO: check
+   NOT-FOR-US: Mitel
 CVE-2022-41325
RESERVED
 CVE-2022-41324
@@ -14863,7 +14863,7 @@ CVE-2022-41257
 CVE-2022-41256
RESERVED
 CVE-2022-41223 (The Director database component of MiVoice Connect through 
19.3 (22.22 ...)
-   TODO: check
+   NOT-FOR-US: Mitel
 CVE-2022-41221
RESERVED
 CVE-2022-40224
@@ -15377,7 +15377,7 @@ CVE-2022-41032 (NuGet Client Elevation of Privilege 
Vulnerability. ...)
 CVE-2022-41031 (Microsoft Word Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
 CVE-2022-40129 (A use-after-free vulnerability exists in the JavaScript engine 
of Foxi ...)
-   TODO: check
+   NOT-FOR-US: Foxit
 CVE-2022-41030
RESERVED
 CVE-2022-41029
@@ -15797,7 +15797,7 @@ CVE-2022-40844 (In Tenda (Shenzhen Tenda Technology 
Co., Ltd) AC1200 Router mode
 CVE-2022-40843 (The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is 
vulnerable to im ...)
NOT-FOR-US: Tenda
 CVE-2022-40842 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable 
to Serve ...)
-   TODO: check
+   NOT-FOR-US: NdkAdvancedCustomizationFields
 CVE-2022-40841
RESERVED
 CVE-2022-40840 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable 
to Cross ...)
@@ -15954,7 +15954,7 @@ CVE-2022-40767
 CVE-2022-40766 (Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows 
login-page S ...)
NOT-FOR-US: Modern Campus Omni CMS (formerly OU Campus)
 CVE-2022-40765 (A vulnerability in the Edge Gateway component of Mitel MiVoice 
Connect ...)
-   TODO: check
+   NOT-FOR-US: Mitel
 CVE-2022-40764 (Snyk CLI before 1.996.0 allows arbitrary command execution, 
affecting  ...)
NOT-FOR-US: Snyk CLI
 CVE-2022-3236 (A code injection vulnerability in the User Portal and Webadmin 
allows  ...)
@@ -16322,11 +16322,11 @@ CVE-2022-40634 (Improper Control of 
Dynamically-Managed Code Resources vulnerabi
 CVE-2022-40631 (A vulnerability has been identified in SCALANCE X200-4P IRT 
(All versi ...)
NOT-FOR-US: Siemens
 CVE-2022-38097 (A use-after-free vulnerability exists in the JavaScript engine 
of Foxi ...)
-   TODO: check
+   NOT-FOR-US: Foxit
 CVE-2022-37332 (A use-after-free vulnerability exists in the JavaScript engine 
of Foxi ...)
-   TODO: check
+   NOT-FOR-US: Foxit
 CVE-2022-32774 (A use-after-free vulnerability exists in the JavaScript engine 
of Foxi ...)
-   TODO: check
+   NOT-FOR-US: Foxit
 CVE-2022-3209 (The soledad WordPress theme before 8.2.5 does not sanitise the 
{id,dat ...)
NOT-FOR-US: WordPress theme
 CVE-2022-3208 (The Simple File List WordPress plugin before 4.4.12 does not 
implement ...)
@@ -16471,7 +16471,7 @@ CVE-2022-40604 (In Apache Airflow 2.3.0 through 2.3.4, 
part of a url was unneces
 CVE-2022-40603
RESERVED
 CVE-2022-40602 (A flaw in the Zyxel LTE3301-M209 firmware verisons prior to 
V1.00(ABLG ...)
-   TODO: check
+   NOT-FOR-US: Zyxel
 CVE-2022-40601
RESERVED
 CVE-2022-40600
@@ -16758,7 +16758,7 @@ CVE-2022-40472 (ZKTeco Xiamen Information Technology 
ZKBio Time 8.0.7 Build: 202
 CVE-2022-40471 (Remote Code Execution in Clinic's Patient Management System v 
1.0 allo ...)
NOT-FOR-US: Clinic's Patient Management System
 CVE-2022-40470 (Phpgurukul Blood Donor Management System 1.0 allows Cross Site 
Scripti ...)
-   TODO: check
+   NOT-FOR-US: Phpgurukul Blood Donor Management System
 CVE-2022-40469 (iKuai OS v3.6.7 was discovered to contain an authenticated 
remote code ...)
NOT-FOR-US: iKuai8
 CVE-2022-40468 (Potential leak of left-over heap data if custom error page 
templates c ...)
@@ -23609,7 +23609,7 @@ CVE-2022-37933
 CVE-2022-37932
RESERVED
 CVE-2022-37931 (A vulnerability in NetBatch-Plus s

[Git][security-tracker-team/security-tracker][master] Add new airflow CVEs

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
169b987b by Salvatore Bonaccorso at 2022-11-22T09:43:06+01:00
Add new airflow CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15173,6 +15173,7 @@ CVE-2016-20015 (In the ebuild package through 
smokeping-2.7.3-r1 for SmokePing o
NOT-FOR-US: ebuild package for SmokePing on Gentoo
 CVE-2022-41131
RESERVED
+   - airflow  (bug #819700)
 CVE-2022-41130
RESERVED
 CVE-2022-41129
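Review bot: the `- airflow  (bug #819700)` line is attached to an ID that is still `RESERVED`, so the entry itself carries nothing that ties the ID to Apache Airflow; the same applies to the three hunks below for CVE-2022-40954, CVE-2022-40189 and CVE-2022-38649. Add a `NOTE:` with the upstream advisory or announcement that names each CVE, so the association can be checked once the CVE text is published.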
@@ -15543,6 +15544,7 @@ CVE-2022-40955 (In versions of Apache InLong prior to 
1.3.0, an attacker with su
NOT-FOR-US: Apache InLong
 CVE-2022-40954
RESERVED
+   - airflow  (bug #819700)
 CVE-2022-40701
RESERVED
 CVE-2022-40220
@@ -17322,6 +17324,7 @@ CVE-2022-40191 (Authenticated (subscriber+) Stored 
Cross-Site Scripting (XSS) vu
NOT-FOR-US: WordPress plugin
 CVE-2022-40189
RESERVED
+   - airflow  (bug #819700)
 CVE-2022-40132 (Cross-Site Request Forgery (CSRF) vulnerability in Seriously 
Simple Po ...)
NOT-FOR-US: WordPress plugin
 CVE-2022-38976
@@ -21428,6 +21431,7 @@ CVE-2022-38650 (** UNSUPPORTED WHEN ASSIGNED ** A 
remote unauthenticated insecur
NOT-FOR-US: VMware
 CVE-2022-38649
RESERVED
+   - airflow  (bug #819700)
 CVE-2022-38648 (Server-Side Request Forgery (SSRF) vulnerability in Batik of 
Apache XM ...)
- batik 1.15+dfsg-1 (bug #1020589)
[bullseye] - batik  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/169b987b35fe3923e45fcdedd1a7a7b1c63bb32e



[Git][security-tracker-team/security-tracker][master] Associate three Backdrop CMS CVEs with backdrop itp'ed entry

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3b611f9c by Salvatore Bonaccorso at 2022-11-22T09:40:15+01:00
Associate three Backdrop CMS CVEs with backdrop itp'ed entry

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12700,7 +12700,7 @@ CVE-2022-42094
 CVE-2022-42093
RESERVED
 CVE-2022-42092 (Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability 
via 'th ...)
-   NOT-FOR-US: Backdrop CMS
+   - backdrop  (bug #914257)
 CVE-2022-42091
RESERVED
 CVE-2022-42090
@@ -32704,7 +32704,7 @@ CVE-2022-34532
 CVE-2022-34531 (DedeCMS v5.7.95 was discovered to contain a remote code 
execution (RCE ...)
NOT-FOR-US: DedeCMS
 CVE-2022-34530 (An issue in the login and reset password functionality of 
Backdrop CMS ...)
-   NOT-FOR-US: Backdrop CMS
+   - backdrop  (bug #914257)
 CVE-2022-34529 (WASM3 v0.5.0 was discovered to contain a segmentation fault 
via the co ...)
NOT-FOR-US: WASM3
 CVE-2022-34528 (D-Link DSL-3782 v1.03 and below was discovered to contain a 
stack over ...)
@@ -72737,7 +72737,7 @@ CVE-2021-45270
 CVE-2021-45269
RESERVED
 CVE-2021-45268 (** DISPUTED ** A Cross Site Request Forgery (CSRF) 
vulnerability exist ...)
-   NOT-FOR-US: Backdrop CMS
+   - backdrop  (bug #914257)
 CVE-2021-45267 (An invalid memory address dereference vulnerability exists in 
gpac 1.1 ...)
- gpac 2.0.0+dfsg1-2
[buster] - gpac  (EOL in buster LTS)
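Review bot: the description of CVE-2021-45268 is flagged `** DISPUTED **`, yet the hunk re-points the entry at the backdrop ITP without recording the dispute. Add a `NOTE:` with the reference for the dispute so that whoever packages backdrop can decide whether the issue needs handling at all.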



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b611f9c6a928ad79d1bab846c128ffa9ce215f9



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-42096/backdrop

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
138d2804 by Salvatore Bonaccorso at 2022-11-22T09:37:30+01:00
Add CVE-2022-42096/backdrop

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12692,7 +12692,7 @@ CVE-2022-42098
 CVE-2022-42097
RESERVED
 CVE-2022-42096 (Backdrop CMS version 1.23.0 was discovered to contain a stored 
cross-s ...)
-   TODO: check
+   - backdrop  (bug #914257)
 CVE-2022-42095
RESERVED
 CVE-2022-42094



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/138d280417da8e5c988d1c43f13a8ae565c6b5e2



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eaa8125c by Salvatore Bonaccorso at 2022-11-22T09:36:14+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13,7 +13,7 @@ CVE-2022-4113
 CVE-2022-4112
RESERVED
 CVE-2022-4111 (What happens if a bot net starts uploading 100MB files from 100 
machin ...)
-   TODO: check
+   NOT-FOR-US: ToolJet
 CVE-2022-4110
RESERVED
 CVE-2022-4109
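Review bot: the CVE-2022-4111 description as shown ("What happens if a bot net starts uploading 100MB files ...") names no product, yet the hunk marks it `NOT-FOR-US: ToolJet`. Add a `NOTE:` with the advisory link that attributes the issue to ToolJet, so the NFU decision is reviewable from the entry alone.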
@@ -2870,15 +2870,15 @@ CVE-2022-44790
 CVE-2022-44789
RESERVED
 CVE-2022-44788 (An issue was discovered in Appalti & Contratti 9.12.2. It 
allows S ...)
-   TODO: check
+   NOT-FOR-US: Appalti & Contratti
 CVE-2022-44787 (An issue was discovered in Appalti & Contratti 9.12.2. The 
web app ...)
-   TODO: check
+   NOT-FOR-US: Appalti & Contratti
 CVE-2022-44786 (An issue was discovered in Appalti & Contratti 9.12.2. The 
target  ...)
-   TODO: check
+   NOT-FOR-US: Appalti & Contratti
 CVE-2022-44785 (An issue was discovered in Appalti & Contratti 9.12.2. The 
target  ...)
-   TODO: check
+   NOT-FOR-US: Appalti & Contratti
 CVE-2022-44784 (An issue was discovered in Appalti & Contratti 9.12.2. The 
target  ...)
-   TODO: check
+   NOT-FOR-US: Appalti & Contratti
 CVE-2022-44619
RESERVED
 CVE-2022-44610
@@ -8354,11 +8354,11 @@ CVE-2022-43711
 CVE-2022-43710
RESERVED
 CVE-2022-43709 (MyBB 1.8.31 has a SQL injection vulnerability in the Admin 
CP's Users  ...)
-   TODO: check
+   NOT-FOR-US: MyBB
 CVE-2022-43708 (MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) 
vulnerabil ...)
-   TODO: check
+   NOT-FOR-US: MyBB
 CVE-2022-43707 (MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in 
the visu ...)
-   TODO: check
+   NOT-FOR-US: MyBB
 CVE-2022-43706
RESERVED
 CVE-2022-43705 [malicious OCSP responder could forge OCSP responses]
@@ -9759,9 +9759,9 @@ CVE-2022-43217
 CVE-2022-43216
RESERVED
 CVE-2022-43215 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
-   TODO: check
+   NOT-FOR-US: Billing System Project
 CVE-2022-43214 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
-   TODO: check
+   NOT-FOR-US: Billing System Project
 CVE-2022-43213
RESERVED
 CVE-2022-43212



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eaa8125cd4eb759f03b0c40da0f8c6b880126765



[Git][security-tracker-team/security-tracker][master] Add CVE-2022-4095/linux

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
01170a10 by Salvatore Bonaccorso at 2022-11-22T09:31:38+01:00
Add CVE-2022-4095/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -642,6 +642,10 @@ CVE-2022-4096 (Server-Side Request Forgery (SSRF) in 
GitHub repository appsmitho
NOT-FOR-US: appsmith
 CVE-2022-4095
RESERVED
+   - linux 5.19.11-1
+   [bullseye] - linux 5.10.148-1
+   [buster] - linux 4.19.260-1
+   NOTE: 
https://git.kernel.org/linus/e230a4455ac3e9b112f0367d1b8e255e141afae0 (6.0-rc4)
 CVE-2022-4094
RESERVED
 CVE-2022-4093 (SQL injection attacks can result in unauthorized access to 
sensitive d ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01170a1075bb36a374000f4749f20eaac23cdc0f



[Git][security-tracker-team/security-tracker][master] automatic update

2022-11-22 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d0a5186 by security tracker role at 2022-11-22T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,29 @@
+CVE-2022-45785
+   RESERVED
+CVE-2022-45784
+   RESERVED
+CVE-2022-45783
+   RESERVED
+CVE-2022-45782
+   RESERVED
+CVE-2022-4114
+   RESERVED
+CVE-2022-4113
+   RESERVED
+CVE-2022-4112
+   RESERVED
+CVE-2022-4111 (What happens if a bot net starts uploading 100MB files from 100 
machin ...)
+   TODO: check
+CVE-2022-4110
+   RESERVED
+CVE-2022-4109
+   RESERVED
+CVE-2022-4108
+   RESERVED
+CVE-2022-4107
+   RESERVED
+CVE-2022-4106
+   RESERVED
 CVE-2022-45781
RESERVED
 CVE-2022-45780
@@ -594,8 +620,8 @@ CVE-2022-45485
RESERVED
 CVE-2022-45484
RESERVED
-CVE-2022-4105
-   RESERVED
+CVE-2022-4105 (A stored XSS in a kiwi Test Plan can run malicious javascript 
which co ...)
+   TODO: check
 CVE-2022-4104
RESERVED
 CVE-2022-4103
@@ -2839,16 +2865,16 @@ CVE-2022-44790
RESERVED
 CVE-2022-44789
RESERVED
-CVE-2022-44788
-   RESERVED
-CVE-2022-44787
-   RESERVED
-CVE-2022-44786
-   RESERVED
-CVE-2022-44785
-   RESERVED
-CVE-2022-44784
-   RESERVED
+CVE-2022-44788 (An issue was discovered in Appalti & Contratti 9.12.2. It 
allows S ...)
+   TODO: check
+CVE-2022-44787 (An issue was discovered in Appalti & Contratti 9.12.2. The 
web app ...)
+   TODO: check
+CVE-2022-44786 (An issue was discovered in Appalti & Contratti 9.12.2. The 
target  ...)
+   TODO: check
+CVE-2022-44785 (An issue was discovered in Appalti & Contratti 9.12.2. The 
target  ...)
+   TODO: check
+CVE-2022-44784 (An issue was discovered in Appalti & Contratti 9.12.2. The 
target  ...)
+   TODO: check
 CVE-2022-44619
RESERVED
 CVE-2022-44610
@@ -8323,12 +8349,12 @@ CVE-2022-43711
RESERVED
 CVE-2022-43710
RESERVED
-CVE-2022-43709
-   RESERVED
-CVE-2022-43708
-   RESERVED
-CVE-2022-43707
-   RESERVED
+CVE-2022-43709 (MyBB 1.8.31 has a SQL injection vulnerability in the Admin 
CP's Users  ...)
+   TODO: check
+CVE-2022-43708 (MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) 
vulnerabil ...)
+   TODO: check
+CVE-2022-43707 (MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in 
the visu ...)
+   TODO: check
 CVE-2022-43706
RESERVED
 CVE-2022-43705 [malicious OCSP responder could forge OCSP responses]
@@ -8383,8 +8409,8 @@ CVE-2022-43687 (Concrete CMS (formerly concrete5) below 
8.5.10 and between 9.0.0
NOT-FOR-US: Concrete CMS
 CVE-2022-43686 (In Concrete CMS (formerly concrete5) below 8.5.10 and between 
9.0.0 an ...)
NOT-FOR-US: Concrete CMS
-CVE-2022-43685
-   RESERVED
+CVE-2022-43685 (CKAN through 2.9.6 account takeovers by unauthenticated users 
when an  ...)
+   TODO: check
 CVE-2022-43684
RESERVED
 CVE-2022-43683
@@ -9728,10 +9754,10 @@ CVE-2022-43217
RESERVED
 CVE-2022-43216
RESERVED
-CVE-2022-43215
-   RESERVED
-CVE-2022-43214
-   RESERVED
+CVE-2022-43215 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
+   TODO: check
+CVE-2022-43214 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
+   TODO: check
 CVE-2022-43213
RESERVED
 CVE-2022-43212
@@ -9875,8 +9901,8 @@ CVE-2022-43145
RESERVED
 CVE-2022-43144 (A cross-site scripting (XSS) vulnerability in Canteen 
Management Syste ...)
NOT-FOR-US: Canteen Management System
-CVE-2022-43143
-   RESERVED
+CVE-2022-43143 (A cross-site scripting (XSS) vulnerability in Beekeeper Studio 
v3.6.6  ...)
+   TODO: check
 CVE-2022-43142 (A cross-site scripting (XSS) vulnerability in the add-fee.php 
componen ...)
NOT-FOR-US: Password Storage Application
 CVE-2022-43141
@@ -12661,8 +12687,8 @@ CVE-2022-42098
RESERVED
 CVE-2022-42097
RESERVED
-CVE-2022-42096
-   RESERVED
+CVE-2022-42096 (Backdrop CMS version 1.23.0 was discovered to contain a stored 
cross-s ...)
+   TODO: check
 CVE-2022-42095
RESERVED
 CVE-2022-42094
@@ -12888,7 +12914,7 @@ CVE-2022-38143
RESERVED
 CVE-2022-36354
RESERVED
-CVE-2022-3388 (Improper Input Validation vulnerability in Hitachi Energy 
MicroSCADA P ...)
+CVE-2022-3388 (An input validation vulnerability exists in the Monitor Pro 
interface  ...)
NOT-FOR-US: MicroSCADA
 CVE-2022-3387 (Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to 
path tr ...)
NOT-FOR-US: Advantech R-SeeNet
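Review bot: the description of CVE-2022-3388 is replaced, from "Improper Input Validation vulnerability in Hitachi Energy MicroSCADA P ..." to "An input validation vulnerability exists in the Monitor Pro interface ...", while the unchanged `NOT-FOR-US: MicroSCADA` line is kept. Since this is an automatic description refresh, a human should re-check that the revised text still matches the NFU reason and adjust the product name if it no longer does.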
@@ -12988,8 +13014,8 @@ CVE-2022-41947
RESERVED
 CVE-2022-41946
RESERVED
-CVE-2022-41945
-   RESERVED
+CVE-2022-41945 (super-xray is a vulnerability scanner (xray) GUI launcher. In 
version  ...)
+